RFR: JDK-8166596: TLS support for the EdDSA signature algorithm

Jamil Nimeh jnimeh at openjdk.java.net
Tue Nov 17 19:51:06 UTC 2020


On Tue, 17 Nov 2020 19:07:33 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:

>> Hello all,
>> This change brings in support for certificates with EdDSA keys (both Ed25519 and Ed448) allowing those signature algorithms to be used both on the certificates themselves and used during the handshaking process for messages like CertificateVerify, ServerKeyExchange and so forth.
>
> test/jdk/javax/net/ssl/TLSCommon/TLSWithEdDSA.java line 583:
> 
>> 581:         serverParameters.put(ParamType.CERTALIAS, "EE_ED25519");
>> 582:         runtest(testFormat, isPeerEd25519, null, null, null);
>> 583:         serverParameters.remove(ParamType.CERTALIAS);
> 
> I did not get the idea here.  Is there a special case in practice that uses a similar key manager like the AliasKeyManager?

Right now, for TLS 1.0/1.1 EC certificates will be favored over EdDSA certificates in keystores that have valid certificates with both kinds of keys.  There's nothing we can do about that because 1.0/1.1 has no signaling mechanism to indicate signature preference like 1.2+ has.  Given that, I was thinking of ways to get around that restriction and one case I thought of was the Tomcat connector, which has options to specify a certificate for use by alias.  I wanted to make sure that we could still do that for 1.0/1.1 and it wouldn't break so I cooked up this simple KeyManager and ran a basic connection, expecting to see the cert specified by the alias.

-------------

PR: https://git.openjdk.java.net/jdk/pull/1197