RFR [13] JDK-8225766 : Curve in certificate should not affect signature scheme when using TLSv1.3
Xuelei Fan
xuelei.fan at oracle.com
Thu Jun 20 00:02:07 UTC 2019
Hi,
Could I get the following update reviewed?
http://cr.openjdk.java.net/~xuelei/8225766/webrev.01/
For TLS 1.2 and prior versions, the public key of an EC cert MUST use a
curve and point format supported by the client. But in TLS 1.3,
signature algorithms are negotiated independently via the
"signature_algorithms" extension. The JDK implementation does not
comply with this behavior change in TLS 1.3.
There is a corner case: the signature algorithm "ecdsa_sha1" does
not define the related curves. If the key uses an unsupported curve,
the peer cannot verify the signature. In this fix, a countermeasure is
introduced to mitigate the impact by checking that the curve used for
"ecdsa_sha1" is locally supported.
Please read the code for more details.
Thanks,
Xuelei
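As an added illustration of the rule described in this RFR (not code from the post or from the JDK change), the following Python model shows how the cert's curve constrains scheme selection under TLS 1.2 but not under TLS 1.3, and how the "ecdsa_sha1" countermeasure fits in; the scheme names, the local curve set and the function itself are assumptions made for the example.

```python
# Constructed model, not JDK code: choosing a signature scheme for an EC
# certificate under TLS 1.2 versus TLS 1.3, following the RFR above.

# In TLS 1.3 each ECDSA scheme binds a specific curve to its hash.
TLS13_SCHEME_CURVE = {
    "ecdsa_secp256r1_sha256": "secp256r1",
    "ecdsa_secp384r1_sha384": "secp384r1",
    "ecdsa_secp521r1_sha512": "secp521r1",
}
# "ecdsa_sha1" defines no curve: the corner case named in the RFR.
ECDSA_SHA1 = "ecdsa_sha1"
# Constructed stand-in for the curves the local provider supports.
LOCAL_CURVES = {"secp256r1", "secp384r1", "secp521r1"}


def select_ecdsa_scheme(tls_version, cert_curve, peer_sig_algs, peer_groups):
    """Return the signature scheme to sign with using an EC cert on
    cert_curve, or None if the cert cannot be used with this peer."""
    if tls_version != "TLSv1.3":
        # TLS 1.2 and earlier: the cert's curve must be one the peer
        # advertised (elliptic_curves / supported_groups), else unusable.
        if cert_curve not in peer_groups:
            return None
        # A TLS 1.2 hash/signature pair carries no curve, so any ECDSA
        # pair the peer offered can be used with this key.
        for alg in peer_sig_algs:
            if alg.startswith("ecdsa_"):
                return alg
        return None

    # TLS 1.3: the curve need not appear in supported_groups; the scheme
    # is negotiated on its own via signature_algorithms.
    for alg in peer_sig_algs:
        if TLS13_SCHEME_CURVE.get(alg) == cert_curve:
            return alg
    # Fallback to ecdsa_sha1 only with the countermeasure from the RFR:
    # the scheme names no curve, so require the key's curve to be locally
    # supported, otherwise the peer may be unable to verify the signature.
    if ECDSA_SHA1 in peer_sig_algs and cert_curve in LOCAL_CURVES:
        return ECDSA_SHA1
    return None
```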