RFR: 8340321: Disable SHA-1 in TLS/DTLS 1.2 handshake signatures [v3]
Sean Mullan
mullan at openjdk.org
Mon Apr 7 19:35:11 UTC 2025
On Fri, 4 Apr 2025 20:44:28 GMT, Artur Barashev <abarashev at openjdk.org> wrote:
>> Disable SHA-1 in TLS/DTLS 1.2 handshake signatures (but not in certificate signatures).
>> https://www.rfc-editor.org/rfc/rfc9155.html
>>
>> Also fixing a little TLSv1.3 spec violation bug: ECDSA_SHA1 should not be allowed for handshake signatures in TLSv1.3.
>
> Artur Barashev has updated the pull request incrementally with one additional commit since the last revision:
>
> Disable ECDSA_SHA1 to be used for TLSv1.3 handshake signatures
Marked as reviewed by mullan (Reviewer).
-------------
PR Review: https://git.openjdk.org/jdk/pull/24367#pullrequestreview-2747915902
More information about the security-dev
mailing list