RFR: 8210989 TLSv1.2 not authenticating using PSS certificates
Xuelei Fan
xuelei.fan at oracle.com
Mon Oct 15 18:36:43 UTC 2018
Looks nice to me.
To help remember the decision, would you mind adding a comment in the
T12CertificateRequestConsumer.consume() block about why we don't use the
CertificateRequest.certificate_types any more? Maybe some words like,
"Note that the certificate_types field is not used here. The
supported_signature_algorithms field has provided sufficient information".
Thanks,
Xuelei
On 10/7/2018 9:33 AM, Jamil Nimeh wrote:
> Hello all, this fixes an issue where for TLSv1.2 connections
> specifically, clients will not authenticate using PSS certs even when
> PSS signature algorithms are asserted in the CertificateRequest
> message. This brings in a method for client certificate selection
> similar to how we do it for TLS 1.3. TLS 1.3, 1.1 and 1.0 client
> certificate selection is not affected by this fix.
>
> JBS: https://bugs.openjdk.java.net/browse/JDK-8210989
>
> Webrev: http://cr.openjdk.java.net/~jnimeh/reviews/8210989/webrev.01/
>
> --Jamil
>