[jdk11u-dev] RFR: 8263188: JSSE should fail fast if there isn't supported signature algorithm [v3]
Severin Gehwolf
sgehwolf at openjdk.org
Fri Dec 5 09:50:12 UTC 2025
On Fri, 5 Dec 2025 08:23:47 GMT, Antonio Vieiro <avieiro at openjdk.org> wrote:
>> Clean backport of [JDK-8263188](https://bugs.openjdk.org/browse/JDK-8263188) to JDK11.
>>
>> It will make it easier to backport and review [JDK-8349583](https://bugs.openjdk.org/browse/JDK-8349583) and [JDK-8340321](https://bugs.openjdk.org/browse/JDK-8340321) , so OpenJDK 11 [follows the Oracle JRE and JDK Cryptographic Roadmap on 2026/01](https://www.java.com/en/jre-jdk-cryptoroadmap.html) by disabling SHA-1 in TLS/DTLS 1.2 handshake signatures.
>>
>> Since JDK11 does not sport the `ByteBuffer.slice(int, int)` method in JDK17 (used in `test/jdk/sun/security/ssl/SignatureScheme/SigAlgosExtTestWithTLS12.java`), a second commit adds an equivalent and updates the test.
>>
>> Tested on Linux with `tier1` tests:
>>
>>
>> ==============================
>> Test summary
>> ==============================
>> TEST TOTAL PASS FAIL ERROR
>> jtreg:test/hotspot/jtreg:tier1 1497 1497 0 0
>> jtreg:test/jdk:tier1 1899 1899 0 0
>> jtreg:test/langtools:tier1 3941 3941 0 0
>> jtreg:test/nashorn:tier1 0 0 0 0
>> jtreg:test/jaxp:tier1 0 0 0 0
>> ==============================
>> TEST SUCCESS
>>
>>
>> Also security tests (including new ones) pass:
>>
>>
>> ==============================
>> Test summary
>> ==============================
>> TEST TOTAL PASS FAIL ERROR
>> jtreg:test/jdk/sun/security 664 664 0 0
>> ==============================
>> TEST SUCCESS
>
> Antonio Vieiro has updated the pull request incrementally with one additional commit since the last revision:
>
> 8364597: Replace THL A29 Limited with Tencent
Looks good.
-------------
Marked as reviewed by sgehwolf (Reviewer).
PR Review: https://git.openjdk.org/jdk11u-dev/pull/3126#pullrequestreview-3543910559
More information about the jdk-updates-dev
mailing list