RFR JDK-8206925, Support the certificate_authorities extension
Xuelei Fan
xuelei.fan at oracle.com
Tue May 5 18:29:16 UTC 2020
Hi,
Could I get the following update reviewed?
RFE: https://bugs.openjdk.java.net/browse/JDK-8206925
CSR: https://bugs.openjdk.java.net/browse/JDK-8244441
Release-note: https://bugs.openjdk.java.net/browse/JDK-8244460
webrev: http://cr.openjdk.java.net/~xuelei/8206925/webrev.00/
The "certificate_authorities" extension is an optional extension
introduced in TLS 1.3 and used to indicate the certificate authorities
(CAs) which an endpoint supports and which SHOULD be used by the
receiving endpoint to guide certificate selection.
In TLS 1.2, this function is built into the CertificateRequest handshake
message.
This function is supported in TLS 1.2 and prior versions. However, it is
not implemented in the TLS 1.3 implementation. Without this function,
the authentication certificate selected may not be the one the peer
could accept when there are multiple certificates available.
Thanks,
Xuelei
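
The selection problem described in the message above, as an added Java example (not code from the webrev or the JDK): it parses the extension's wire format from RFC 8446 section 4.2.4 and picks the candidate credential whose issuer the peer listed. The class name, aliases, CA names and the alias-to-issuer map standing in for a key store are constructed for illustration.

```java
import java.nio.ByteBuffer;
import java.util.*;
import javax.security.auth.x500.X500Principal;

public class CertificateAuthoritiesDemo {
    // RFC 8446, 4.2.4: DistinguishedName authorities<3..2^16-1>; each entry is
    // opaque DistinguishedName<1..2^16-1>, a DER-encoded X.501 name.
    static List<X500Principal> parse(byte[] data) {
        ByteBuffer buf = ByteBuffer.wrap(data);
        int listLen = buf.remaining() < 2 ? 0 : buf.getShort() & 0xFFFF;
        if (listLen < 3 || listLen != buf.remaining())
            throw new IllegalArgumentException("bad authorities length");
        List<X500Principal> cas = new ArrayList<>();
        while (buf.hasRemaining()) {
            int dnLen = buf.remaining() < 2 ? 0 : buf.getShort() & 0xFFFF;
            if (dnLen < 1 || dnLen > buf.remaining())
                throw new IllegalArgumentException("bad DistinguishedName length");
            byte[] dn = new byte[dnLen];
            buf.get(dn);
            cas.add(new X500Principal(dn)); // throws on malformed DER
        }
        return cas;
    }

    static byte[] encode(List<X500Principal> cas) { // builds the constructed sample
        int size = cas.stream().mapToInt(c -> 2 + c.getEncoded().length).sum();
        ByteBuffer out = ByteBuffer.allocate(2 + size).putShort((short) size);
        for (X500Principal ca : cas)
            out.putShort((short) ca.getEncoded().length).put(ca.getEncoded());
        return out.array();
    }

    // Simplification: match only the direct issuer of each candidate certificate.
    static Optional<String> select(Map<String, X500Principal> issuerByAlias,
                                   List<X500Principal> accepted) {
        return issuerByAlias.entrySet().stream()
                .filter(e -> accepted.contains(e.getValue()))
                .map(Map.Entry::getKey).findFirst();
    }

    public static void main(String[] args) {
        X500Principal caB = new X500Principal("CN=Constructed CA B,O=Example");
        Map<String, X500Principal> keyStore = new LinkedHashMap<>(); // alias -> issuer
        keyStore.put("client-a", new X500Principal("CN=Constructed CA A,O=Example"));
        keyStore.put("client-b", caB);
        List<X500Principal> accepted = parse(encode(List.of(caB))); // peer lists only CA B
        System.out.println("selected: " + select(keyStore, accepted).orElse("(none)"));
    }
}
```

Without the peer's list, a selector that takes the first usable entry would offer `client-a`, which this peer does not accept.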