[jdk11u-dev] RFR: 8340321: Disable SHA-1 in TLS/DTLS 1.2 handshake signatures [v2]
Antonio Vieiro
avieiro at openjdk.org
Tue Feb 24 10:14:36 UTC 2026
> Backport of [JDK-8340321](https://bugs.openjdk.org/browse/JDK-8340321) from [JDK17](https://github.com/openjdk/jdk17u-dev/commit/86765246d95c9e9586540c5f865ba093dff92ffe), that [disables SHA-1 in TLS/DTLS 1.2 handshake signatures](https://www.java.com/en/configure_crypto.html#DisableSHA1_TLS_DTLS) to comply with the [Oracle JRE Cryptographic Roadmap](https://www.java.com/en/jre-jdk-cryptoroadmap.html).
>
> Backport is not clean, as there many differences in `java.security` from 17 to 11.
>
> Tested with `tier1` tests on Linux and with `run-test-jdk_security`, that includes the new three new tests:
>
>
> ==============================
> Test summary
> ==============================
> TEST TOTAL PASS FAIL ERROR
> jtreg:test/jdk:jdk_security 1368 1368 0 0
> ==============================
> TEST SUCCESS
>
>
> NOTE: This PR is on top of prerrequisite #3130 .
Antonio Vieiro has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains one commit:
Backport 86765246d95c9e9586540c5f865ba093dff92ffe
-------------
Changes: https://git.openjdk.org/jdk11u-dev/pull/3131/files
Webrev: https://webrevs.openjdk.org/?repo=jdk11u-dev&pr=3131&range=01
Stats: 249 lines in 5 files changed: 246 ins; 0 del; 3 mod
Patch: https://git.openjdk.org/jdk11u-dev/pull/3131.diff
Fetch: git fetch https://git.openjdk.org/jdk11u-dev.git pull/3131/head:pull/3131
PR: https://git.openjdk.org/jdk11u-dev/pull/3131
More information about the jdk-updates-dev
mailing list