RFR: 8353738: Update TLS unit tests to not use certificates with MD5 signatures [v2]
Artur Barashev
abarashev at openjdk.org
Wed Oct 29 02:00:06 UTC 2025
On Tue, 28 Oct 2025 17:43:12 GMT, Matthew Donovan <mdonovan at openjdk.org> wrote:
>> This PR updates tests that were using MD5 certificates. For most of the tests, I added test cases for TLSv1.2/MD5withRSA and TLSv1.3/SHA256withRSA.
>
> Matthew Donovan has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains three additional commits since the last revision:
>
> - fixed indents and copyright year
> - Merge branch 'master' into update-md5-certs
> - 8353738: Update TLS unit tests to not use certificates with MD5 signatures
test/jdk/javax/net/ssl/HttpsURLConnection/CriticalSubjectAltName.java line 222:
> 220: "MD2, RSA keySize < 1024");
> 221: Security.setProperty("jdk.tls.disabledAlgorithms",
> 222: "SSLv3, RC4, DH keySize < 768");
I think we should remove only `MD5`, here and in all other tests:
// If MD5 is used in this test case, don't disable MD5 algorithm.
SecurityUtils.removeFromDisabledTlsAlgs("MD5");
SecurityUtils.removeFromDisabledAlgs(
"jdk.certpath.disabledAlgorithms", List.of("MD5"));
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/27342#discussion_r2471528938
More information about the net-dev
mailing list