RFR [13] JDK-8225766 : Curve in certificate should not affect signature scheme when using TLSv1.3
Anthony Scarpino
anthony.scarpino at oracle.com
Thu Jun 20 03:17:22 UTC 2019
On 6/19/19 5:02 PM, Xuelei Fan wrote:
> Hi,
>
> Could I get the following update reviewed?
>
> http://cr.openjdk.java.net/~xuelei/8225766/webrev.01/
>
> For TLS 1.2 and prior versions, the public key of an EC cert MUST use a
> curve and point format supported by the client. But in TLS 1.3,
> signature algorithms are negotiated independently via the
> "signature_algorithms" extension. The JDK implementation does not
> comply with this behavior change in TLS 1.3.
>
> There is a corner case: the signature algorithm "ecdsa_sha1" does
> not define the related curve. If the key uses an unsupported curve,
> the peer cannot verify the signature. In this fix, a countermeasure is
> introduced to mitigate the impact by checking that the curve used for
> "ecdsa_sha1" is locally supported.
>
> Please read the code for more details.
>
> Thanks,
> Xuelei
The code looks fine. Just one nit in the comment that looks like you
lost control of your fingers :-)
X509Authentication.java
332 // independently via the "signature_algoriarethms" extension.
Tony
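The rule under discussion, modelled as an added example (this is not JDK code and not part of the webrev): in TLS 1.2 the certificate's curve has to appear in the client's supported_groups (formerly elliptic_curves) extension and the ECDSA entries in signature_algorithms do not constrain the curve, whereas in TLS 1.3 each ecdsa_* SignatureScheme in RFC 8446 names its curve and supported_groups governs key exchange only. The legacy ecdsa_sha1 scheme names no curve, so the model applies the countermeasure from the thread: accept it only when the certificate's curve is supported locally. The function and type names, the version strings and the sample inputs are assumptions made for the example.

```python
"""Model of how an ECDSA certificate's curve affects signature scheme
selection in TLS 1.2 versus TLS 1.3.  Constructed example, not JDK code;
the names below (select_ecdsa_scheme, EcdsaCert, ...) are assumptions.
"""

from dataclasses import dataclass
from typing import Optional, Sequence, Set

# TLS 1.3 SignatureScheme names and code points for ECDSA (RFC 8446, 4.2.3).
# The secp* schemes bind the signature to one curve; ecdsa_sha1 is a legacy
# scheme that names no curve at all.
ECDSA_SCHEME_CURVE = {
    "ecdsa_secp256r1_sha256": "secp256r1",   # 0x0403
    "ecdsa_secp384r1_sha384": "secp384r1",   # 0x0503
    "ecdsa_secp521r1_sha512": "secp521r1",   # 0x0603
    "ecdsa_sha1": None,                      # 0x0203, curve unspecified
}


@dataclass(frozen=True)
class EcdsaCert:
    """Our own ECDSA certificate; only the key's named curve matters here."""
    curve: str


def select_ecdsa_scheme(
    version: str,
    cert: EcdsaCert,
    peer_sig_algs: Sequence[str],
    peer_groups: Set[str],
    local_groups: Set[str],
) -> Optional[str]:
    """Return the scheme we may sign with for this cert, or None if unusable.

    version        : "TLSv1.2" or "TLSv1.3" (assumed spelling)
    peer_sig_algs  : schemes the peer offered in signature_algorithms
    peer_groups    : curves the peer offered in supported_groups
    local_groups   : curves this implementation itself supports
    """
    ecdsa_offered = [s for s in peer_sig_algs if s in ECDSA_SCHEME_CURVE]

    if version == "TLSv1.2":
        # TLS 1.2: the cert's curve MUST be one the client advertised in
        # supported_groups.  The ecdsa_* code points only select the hash
        # here; RFC 8446 notes that in TLS 1.2 they do not constrain the
        # curve, so any offered ECDSA scheme is acceptable once the curve
        # check passes.
        if cert.curve not in peer_groups:
            return None
        return ecdsa_offered[0] if ecdsa_offered else None

    if version != "TLSv1.3":
        raise ValueError(f"unsupported version {version!r}")

    # TLS 1.3: supported_groups is about key exchange, not certificates.
    # The cert is usable iff the peer offered the scheme whose curve matches
    # the key, regardless of what it listed in supported_groups.
    for scheme in ecdsa_offered:
        if ECDSA_SCHEME_CURVE[scheme] == cert.curve:
            return scheme

    # Corner case from the thread: ecdsa_sha1 names no curve, so the peer's
    # offer tells us nothing about whether it can verify on cert.curve.
    # Countermeasure: only use it when the curve is supported locally, which
    # at least rules out curves we could not have verified ourselves.
    if "ecdsa_sha1" in ecdsa_offered and cert.curve in local_groups:
        return "ecdsa_sha1"
    return None


if __name__ == "__main__":
    # Constructed sample inputs: a P-384 cert, a peer that only does P-256
    # key exchange but offers the P-384 signature scheme.
    cert = EcdsaCert("secp384r1")
    sig_algs = ["ecdsa_secp384r1_sha384", "ecdsa_sha1"]
    local = {"secp256r1", "secp384r1", "secp521r1"}
    print("TLSv1.2:", select_ecdsa_scheme("TLSv1.2", cert, sig_algs, {"secp256r1"}, local))
    print("TLSv1.3:", select_ecdsa_scheme("TLSv1.3", cert, sig_algs, {"secp256r1"}, local))
```

The TLS 1.2 call returns None because the cert's curve is missing from the peer's supported_groups, while the TLS 1.3 call returns ecdsa_secp384r1_sha384 because the curve was negotiated through signature_algorithms instead; a cert on a curve we do not support locally is rejected for ecdsa_sha1 even when the peer offers that scheme.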