Code Review Request 8049321 Support SHA256WithDSA in JSSE
Bradford Wetmore
bradford.wetmore at oracle.com
Wed Dec 16 19:14:08 UTC 2015
The change itself looks ok, but a question on the previous code.
420: Why is SHA224 disabled when SunMSCAPI is present? Or
alternatively, why is SHA224 enabled when SunMSCAPI not present?
Shouldn't this be based on whether there is a SHA224 implementation
available? And if so, why are we not verifying that an implementation
exists (getInstance("SHA256") doesn't throw exception) for the other
algorithms also (SHA1/RSA/etc)?
The synopsis should probably be:
Support SHA224withDSA/SHA256withDSA in TLSv1.2 \
signature_algorithms extension
Also, note the case of the "W" in "SHA256WithDSA".
Brad
On 12/14/2015 9:47 PM, Xuelei Fan wrote:
> On 12/15/2015 1:40 PM, Xuelei Fan wrote:
>> Hi,
>>
>> Please this enhancement to the JSSE implementation:
>>
> Please review this enhancement to the JSSE implementation:
>
>> http://cr.openjdk.java.net/~xuelei/8049321/webrev.00/
>>
>> This change will add support for the SHA224withDSA and SHA256withDSA
>> algorithms in the TLS "signature_algorithms" extension in the SunJSSE
>> provider. Note that this extension does not apply to TLS 1.1 and
>> previous versions.
>>
>> Thanks,
>> Xuelei
>>
>
More information about the security-dev
mailing list