[jdk11u-dev] Integrated: 8263188: JSSE should fail fast if there isn't supported signature algorithm

Antonio Vieiro avieiro at openjdk.org
Mon Dec 22 12:33:08 UTC 2025 

On Thu, 27 Nov 2025 10:16:56 GMT, Antonio Vieiro <avieiro at openjdk.org> wrote:

> Clean backport of [JDK-8263188](https://bugs.openjdk.org/browse/JDK-8263188) to JDK11. 
> 
> It will make it easier to backport and review  [JDK-8349583](https://bugs.openjdk.org/browse/JDK-8349583) and [JDK-8340321](https://bugs.openjdk.org/browse/JDK-8340321) , so OpenJDK 11 [follows the Oracle JRE and JDK Cryptographic Roadmap on 2026/01](https://www.java.com/en/jre-jdk-cryptoroadmap.html) by disabling SHA-1 in TLS/DTLS 1.2 handshake signatures.
> 
> Since JDK11 does not sport the `ByteBuffer.slice(int, int)` method in JDK17 (used in `test/jdk/sun/security/ssl/SignatureScheme/SigAlgosExtTestWithTLS12.java`), a second commit adds an equivalent and updates the test.
> 
> Tested on Linux with `tier1` tests:
> 
> 
> ==============================
> Test summary
> ==============================
>    TEST                                              TOTAL  PASS  FAIL ERROR   
>    jtreg:test/hotspot/jtreg:tier1                     1497  1497     0     0   
>    jtreg:test/jdk:tier1                               1899  1899     0     0   
>    jtreg:test/langtools:tier1                         3941  3941     0     0   
>    jtreg:test/nashorn:tier1                              0     0     0     0   
>    jtreg:test/jaxp:tier1                                 0     0     0     0   
> ==============================
> TEST SUCCESS
> 
> 
> Also security tests (including new ones) pass:
> 
> 
> ==============================
> Test summary
> ==============================
>    TEST                                              TOTAL  PASS  FAIL ERROR   
>    jtreg:test/jdk/sun/security                         664   664     0     0   
> ==============================
> TEST SUCCESS

This pull request has now been integrated.

Changeset: 7441d387
Author:    Antonio Vieiro <avieiro at openjdk.org>
URL:       https://git.openjdk.org/jdk11u-dev/commit/7441d3877f19c2c891ddddaba42f0819813f41eb
Stats:     506 lines in 6 files changed: 493 ins; 0 del; 13 mod

8263188: JSSE should fail fast if there isn't supported signature algorithm

Reviewed-by: sgehwolf
Backport-of: 99b4bab366fe897e41a35240e474ea0cb0b229d5

-------------

PR: https://git.openjdk.org/jdk11u-dev/pull/3126

More information about the jdk-updates-dev mailing list