[jdk11u-dev] RFR: 8340321: Disable SHA-1 in TLS/DTLS 1.2 handshake signatures [v2]
Severin Gehwolf
sgehwolf at openjdk.org
Wed Feb 25 11:27:44 UTC 2026
On Tue, 24 Feb 2026 10:14:36 GMT, Antonio Vieiro <avieiro at openjdk.org> wrote:
>> Backport of [JDK-8340321](https://bugs.openjdk.org/browse/JDK-8340321) from [JDK17](https://github.com/openjdk/jdk17u-dev/commit/86765246d95c9e9586540c5f865ba093dff92ffe), that [disables SHA-1 in TLS/DTLS 1.2 handshake signatures](https://www.java.com/en/configure_crypto.html#DisableSHA1_TLS_DTLS) to comply with the [Oracle JRE Cryptographic Roadmap](https://www.java.com/en/jre-jdk-cryptoroadmap.html).
>>
>> Backport is not clean, as there many differences in `java.security` from 17 to 11.
>>
>> Tested with `tier1` tests on Linux and with `run-test-jdk_security`, that includes the new three new tests:
>>
>>
>> ==============================
>> Test summary
>> ==============================
>> TEST TOTAL PASS FAIL ERROR
>> jtreg:test/jdk:jdk_security 1368 1368 0 0
>> ==============================
>> TEST SUCCESS
>>
>>
>> NOTE: This PR is on top of prerrequisite #3130 .
>
> Antonio Vieiro has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains one additional commit since the last revision:
>
> Backport 86765246d95c9e9586540c5f865ba093dff92ffe
OK. The difference in `java.security` is due to https://bugs.openjdk.org/browse/JDK-8235710 (legacy EC curves removal in JDK 16).
-------------
Marked as reviewed by sgehwolf (Reviewer).
PR Review: https://git.openjdk.org/jdk11u-dev/pull/3131#pullrequestreview-3853376315
More information about the jdk-updates-dev
mailing list