RFR: JDK-8263188: JSSE should fail fast if there isn't supported signature algorithm
John Jiang
jjiang at openjdk.java.net
Wed Mar 24 14:35:40 UTC 2021
On Mon, 8 Mar 2021 15:27:45 GMT, John Jiang <jjiang at openjdk.org> wrote:
> If signature_algorithms extension is present, but the algorithms are unreconginzed or unsupported, JSSE peers should send fatal alert immediately.
> For example, in this case, it's unnecssary to try to produce ServerHello, Certificate and ServerKeyExchange messages.
Could this change be reviewed? Thanks!
-------------
PR: https://git.openjdk.java.net/jdk/pull/2876
More information about the security-dev
mailing list