[10] RFR: 8182143: SHA224-based signature algorithms are not enabled for TLSv12 on Windows
Bernd Eckenfels
ecki at zusammenkunft.net
Thu Jun 15 23:06:30 UTC 2017
Hello,
If I recall correctly the idea of disabling those algorithms if SunMSCAPI IS(!) present was to avoid agreeing on a Signature algorithm which could not be supported by RSA offloaded keys inside CryptoAPI.
Having said that the suggested ciphers might need to be made dependent on the capabilities of the Signature provider for a given key type (especially if it is a key handle only).
Has this changed and the signatures are supported now by MSCapi?
Gruss
Bernd
--
http://bernd.eckenfels.net
________________________________
From: security-dev <security-dev-bounces at openjdk.java.net> on behalf of Artem Smotrakov <artem.smotrakov at oracle.com>
Sent: Thursday, June 15, 2017 10:57:00 PM
To: Xuelei Fan; Security Dev OpenJDK
Subject: [10] RFR: 8182143: SHA224-based signature algorithms are not enabled for TLSv12 on Windows
Hi Xuelei,
Could you please take a look at this patch?
It enables SHA224-based signature algorithms on Windows since they
should be provided not only by SunMSCAPI provider. Please see details in
the bug description.
The test works fine on all supported platforms.
Bug: https://bugs.openjdk.java.net/browse/JDK-8182143
Webrev: http://cr.openjdk.java.net/~asmotrak/8182143/webrev.00/
Artem
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20170615/231e0a57/attachment.htm>
More information about the security-dev
mailing list