RFR: JDK-8263188: JSSE should fail fast if there isn't supported signature algorithm [v2]

Xue-Lei Andrew Fan xuelei at openjdk.java.net
Mon Mar 29 04:45:29 UTC 2021


On Tue, 16 Mar 2021 23:21:40 GMT, John Jiang <jjiang at openjdk.org> wrote:

>> If the signature_algorithms extension is present, but the algorithms are unrecognized or unsupported, JSSE peers should send a fatal alert immediately.
>> For example, in this case, it's unnecessary to try to produce ServerHello, Certificate and ServerKeyExchange messages.
>
> John Jiang has updated the pull request incrementally with one additional commit since the last revision:
> 
>   TLSv1.2 CertificateRequest could fail fast if no common signature scheme and add two tests for TLSv1.2 and TLSv1.3 respectively

Looks good to me. Thanks!

-------------

Marked as reviewed by xuelei (Reviewer).

PR: https://git.openjdk.java.net/jdk/pull/2876


