Code Review Request 8049321 Support SHA256WithDSA in JSSE

Xuelei Fan at
Wed Dec 16 23:22:00 UTC 2015

On 12/17/2015 3:14 AM, Bradford Wetmore wrote:
> The change itself looks ok, but a question on the previous code.
> 420:  Why is SHA224 disabled when SunMSCAPI is present?  Or
> alternatively, why is SHA224 enabled when SunMSCAPI not present?
SunMSCAPI does not support SHA-224 yet.

> Shouldn't this be based on whether there is a SHA224 implementation
> available?
The SHA-224 is always available with JDK providers.  But SHA224withRSA
and SHA224withDSA does not work for SunMSCAPI.  So we need to filter out
SHA-224 for SunMSCAPI.

> And if so, why are we not verifying that an implementation
> exists (getInstance("SHA256") doesn't throw exception) for the other
> algorithms also (SHA1/RSA/etc)?
Need to check the full signature name.  But no checking at present as
these algorithms are supported by JDK providers except the SHA-224 based
ones.  May make improvement later.


> The synopsis should probably be:
>     Support SHA224withDSA/SHA256withDSA in TLSv1.2 \
>     signature_algorithms extension
> Also, note the case of the "W" in "SHA256WithDSA".
> Brad
> On 12/14/2015 9:47 PM, Xuelei Fan wrote:
>> On 12/15/2015 1:40 PM, Xuelei Fan wrote:
>>> Hi,
>>> Please this enhancement to the JSSE implementation:
>> Please review this enhancement to the JSSE implementation:
>>> This change will add support for the SHA224withDSA and SHA256withDSA
>>> algorithms in the TLS "signature_algorithms" extension in the SunJSSE
>>> provider.  Note that this extension does not apply to TLS 1.1 and
>>> previous versions.
>>> Thanks,
>>> Xuelei

More information about the security-dev mailing list