RFR: JDK-8166596: TLS support for the EdDSA signature algorithm [v3]
Weijun Wang
weijun at openjdk.java.net
Fri Nov 20 20:11:08 UTC 2020
On Thu, 19 Nov 2020 17:48:34 GMT, Jamil Nimeh <jnimeh at openjdk.org> wrote:
>> Hello all,
>> This change brings in support for certificates with EdDSA keys (both Ed25519 and Ed448) allowing those signature algorithms to be used both on the certificates themselves and used during the handshaking process for messages like CertificateVerify, ServerKeyExchange and so forth.
>
> Jamil Nimeh has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains seven additional commits since the last revision:
>
> - Update test to account for JDK-8202343 fix
> - Merge
> - Merge
> - Applied code review comments to tests
> - Fix cut/paste error with ECDH-RSA key exchange
> - Merge
> - Initial EdDSA/TLS solution
src/java.base/share/classes/sun/security/ssl/CertificateRequest.java line 139:
> 137: if (cct.isAvailable) {
> 138: cct.keyAlgorithm.forEach(key -> {
> 139: if (!keyTypes.contains(key)) {
Can this ever happen? Why not just `addAll`?
-------------
PR: https://git.openjdk.java.net/jdk/pull/1197
More information about the security-dev
mailing list