[10] RFR: 8182143: SHA224-based signature algorithms are not enabled for TLSv12 on Windows
Xuelei Fan
xuelei.fan at oracle.com
Thu Jun 15 23:37:26 UTC 2017
Hi Bernd,
Thanks for the correction. I really missed the point that there are
issues to enabled SHA-224 for SunMSCAPI provider.
On 6/15/2017 4:06 PM, Bernd Eckenfels wrote:
> Hello,
>
> If I recall correctly the idea of disabling those algorithms if
> SunMSCAPI IS(!) present was to avoid agreeing on a Signature algorithm
> which could not be supported by RSA offloaded keys inside CryptoAPI.
>
> Having said that the suggested ciphers might need to be made dependent
> on the capabilities of the Signature provider for a given key type
> (especially if it is a key handle only).
>
Agreed. Besides, we may check the availability of each signature and
hash algorithms, rather than hard-coded them. I filed a new bug for the
tracking:
https://bugs.openjdk.java.net/browse/JDK-8182318
Thanks & Regards,
Xuelei
> Has this changed and the signatures are supported now by MSCapi?
>
> Gruss
> Bernd
> --
> http://bernd.eckenfels.net
> ------------------------------------------------------------------------
> *From:* security-dev <security-dev-bounces at openjdk.java.net> on behalf
> of Artem Smotrakov <artem.smotrakov at oracle.com>
> *Sent:* Thursday, June 15, 2017 10:57:00 PM
> *To:* Xuelei Fan; Security Dev OpenJDK
> *Subject:* [10] RFR: 8182143: SHA224-based signature algorithms are not
> enabled for TLSv12 on Windows
> Hi Xuelei,
>
> Could you please take a look at this patch?
>
> It enables SHA224-based signature algorithms on Windows since they
> should be provided not only by SunMSCAPI provider. Please see details in
> the bug description.
>
> The test works fine on all supported platforms.
>
> Bug: https://bugs.openjdk.java.net/browse/JDK-8182143
> Webrev: http://cr.openjdk.java.net/~asmotrak/8182143/webrev.00/
>
> Artem
More information about the security-dev
mailing list