RFR: JDK-8211866 TLS 1.3 CertificateRequest message sometimes offers disallowed signature algorithms
Xuelei Fan
xuelei.fan at oracle.com
Tue Oct 16 03:52:03 UTC 2018
Looks fine to me.
Can the following two lines joined into one? Looks like the length does
not exceed 80 characters.
int vectorLen = SignatureScheme.sizeInRecord() *
sigAlgs.size();
Thanks,
Xuelei
On 10/11/2018 10:11 AM, Jamil Nimeh wrote:
> Hello all,
>
> This fixes an issue with the TLS 1.3 CertificateRequest message. In
> cases where the server side can initially support multiple protocol
> versions by the time it issues a CertificateRequest message it collects
> the list of supported signature schemes for the signature_algorithms and
> signature_algorithms_cert extensions using all supported protocols as a
> filtering mechanism.
>
> This change alters the filtering process to use only the negotiated
> protocol, so only those sig algs allowed for that one protocol version
> will be asserted.
>
> Webrev: http://cr.openjdk.java.net/~jnimeh/reviews/8211866/webrev.01/
>
> JBS: https://bugs.openjdk.java.net/browse/JDK-8211866
>
More information about the security-dev
mailing list