RFR: JDK-8263188: JSSE should fail fast if there isn't supported signature algorithm
John Jiang
jjiang at openjdk.java.net
Mon Mar 8 22:39:26 UTC 2021
If signature_algorithms extension is present, but the algorithms are unreconginzed or unsupported, JSSE peers should send fatal alert immediately.
For example, in this case, it's unnecssary to try to produce ServerHello, Certificate and ServerKeyExchange messages.
-------------
Commit messages:
- JDK-8263188: JSSE should fail fast if there isn't supported signature algorithm
Changes: https://git.openjdk.java.net/jdk/pull/2876/files
Webrev: https://webrevs.openjdk.java.net/?repo=jdk&pr=2876&range=00
Issue: https://bugs.openjdk.java.net/browse/JDK-8263188
Stats: 9 lines in 1 file changed: 8 ins; 0 del; 1 mod
Patch: https://git.openjdk.java.net/jdk/pull/2876.diff
Fetch: git fetch https://git.openjdk.java.net/jdk pull/2876/head:pull/2876
PR: https://git.openjdk.java.net/jdk/pull/2876
More information about the security-dev
mailing list