Integrated: 8255867: SignatureScheme JSSE property does not preserve ordering in handshake messages
Jamil Nimeh
jnimeh at openjdk.java.net
Mon Feb 22 22:20:41 UTC 2021
On Sat, 20 Feb 2021 01:56:37 GMT, Jamil Nimeh <jnimeh at openjdk.org> wrote:
> This fix adjusts the SunJSSE provider's handling of the jdk.tls.[client | server].SignatureSchemes property and its effect on messages that assert the signature_algorithms and signature_algorithms_cert extensions, or supported_signature_algorithms vectors like those used in TLS 1.2 CertificateRequest messages. With this change, the ordering of the signature algorithms in the property value will be preserved in the ordering as integer identifiers in the messages itself. Prior to this fix the property algorithms will be asserted, but in the order as shown in the sun.security.ssl.SignatureAlgorithms enumeration.
>
> This does not affect the default ordering of these signature schemes when the property is not given a value.
>
> JBS: https://bugs.openjdk.java.net/browse/JDK-8255867
This pull request has now been integrated.
Changeset: a30fb4fc
Author: Jamil Nimeh <jnimeh at openjdk.org>
URL: https://git.openjdk.java.net/jdk/commit/a30fb4fc
Stats: 356 lines in 3 files changed: 342 ins; 0 del; 14 mod
8255867: SignatureScheme JSSE property does not preserve ordering in handshake messages
Reviewed-by: xuelei
-------------
PR: https://git.openjdk.java.net/jdk/pull/2658
More information about the security-dev
mailing list