RFR [13] JDK-8226374 Restric signature algorithms and named groups
Xuelei Fan
xuelei.fan at oracle.com
Mon Jul 8 03:00:12 UTC 2019
ping ...
On 6/28/2019 1:41 PM, Xuelei Fan wrote:
> Hi,
>
> Could I get the following update reviewed?
> http://cr.openjdk.java.net/~xuelei/8226374/webrev.00/
>
> During handshaking, the selection of signature algorithms was not
> checked with the algorithm constraints. Then the available signature
> algorithms may be ignored if a restricted algorithm get selected. The
> connection should be able to be established as there are available
> algorithms.
>
> Within this update, more algorithm constraints checking are introduced
> in the signature algorithms and named groups code.
>
> The significant changes are in NamedGroup.java and SignatureScheme.java,
> in order to introduce the checking and algorithm parameters and specs.
>
> Thanks,
> Xuelei
More information about the security-dev
mailing list