[jdk11u-dev] RFR: 8263188: JSSE should fail fast if there isn't supported signature algorithm
Severin Gehwolf
sgehwolf at openjdk.org
Thu Nov 27 14:57:02 UTC 2025
On Thu, 27 Nov 2025 10:20:50 GMT, Antonio Vieiro <avieiro at openjdk.org> wrote:
>> Clean backport of [JDK-8263188](https://bugs.openjdk.org/browse/JDK-8263188) to JDK11.
>>
>> It will make it easier to backport and review [JDK-8349583](https://bugs.openjdk.org/browse/JDK-8349583) and [JDK-8340321](https://bugs.openjdk.org/browse/JDK-8340321) , so OpenJDK 11 [follows the Oracle JRE and JDK Cryptographic Roadmap on 2026/01](https://www.java.com/en/jre-jdk-cryptoroadmap.html) by disabling SHA-1 in TLS/DTLS 1.2 handshake signatures.
>>
>> Since JDK11 does not sport the `ByteBuffer.slice(int, int)` method in JDK17 (used in `test/jdk/sun/security/ssl/SignatureScheme/SigAlgosExtTestWithTLS12.java`), a second commit adds an equivalent and updates the test.
>>
>> Tested on Linux with `tier1` tests:
>>
>>
>> ==============================
>> Test summary
>> ==============================
>> TEST TOTAL PASS FAIL ERROR
>> jtreg:test/hotspot/jtreg:tier1 1497 1497 0 0
>> jtreg:test/jdk:tier1 1899 1899 0 0
>> jtreg:test/langtools:tier1 3941 3941 0 0
>> jtreg:test/nashorn:tier1 0 0 0 0
>> jtreg:test/jaxp:tier1 0 0 0 0
>> ==============================
>> TEST SUCCESS
>>
>>
>> Also security tests (including new ones) pass:
>>
>>
>> ==============================
>> Test summary
>> ==============================
>> TEST TOTAL PASS FAIL ERROR
>> jtreg:test/jdk/sun/security 664 664 0 0
>> ==============================
>> TEST SUCCESS
>
> (Is there a GitHub - JIRA sync issue? I've updated the PR title manually)
@vieiro Changing the title manually won't help as then the patch isn't being recognized as backport. Please use the fulll sha and try again:
Backport 99b4bab366fe897e41a35240e474ea0cb0b229d5
-------------
PR Comment: https://git.openjdk.org/jdk11u-dev/pull/3126#issuecomment-3586291119
More information about the jdk-updates-dev
mailing list