RFR: 8340321: Disable SHA-1 in TLS/DTLS 1.2 handshake signatures
Artur Barashev
abarashev at openjdk.org
Fri Apr 4 17:53:49 UTC 2025
On Fri, 4 Apr 2025 17:18:44 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> Disable SHA-1 in TLS/DTLS 1.2 handshake signatures (but not in certificate signatures).
>> https://www.rfc-editor.org/rfc/rfc9155.html
>
> test/jdk/sun/security/ssl/SignatureScheme/DisableSHA1inHandshakeSignatureTLS12.java line 28:
>
>> 26: * @bug 8340321
>> 27: * @summary Disable SHA-1 in TLS/DTLS 1.2 signatures.
>> 28: * This test only covers TLS 1.2.
>
> What about TLS 1.3? Do we never include sha1 signature mechanisms?
`ECDSA_SHA1` is actually supported in TLSv1.3. I'll add the v1.3 test then.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24367#discussion_r2029223401
More information about the security-dev
mailing list