RFR: 8340321: Disable SHA-1 in TLS/DTLS 1.2 handshake signatures [v3]
duke
duke at openjdk.org
Mon Apr 7 20:07:12 UTC 2025
On Fri, 4 Apr 2025 20:44:28 GMT, Artur Barashev <abarashev at openjdk.org> wrote:
>> Disable SHA-1 in TLS/DTLS 1.2 handshake signatures (but not in certificate signatures).
>> https://www.rfc-editor.org/rfc/rfc9155.html
>>
>> Also fixing a little TLSv1.3 spec violation bug: ECDSA_SHA1 should not be allowed for handshake signatures in TLSv1.3.
>
> Artur Barashev has updated the pull request incrementally with one additional commit since the last revision:
>
> Disable ECDSA_SHA1 to be used for TLSv1.3 handshake signatures
@artur-oracle
Your change (at version 4335dfc96f51fd707442716d090be70c62825eaa) is now ready to be sponsored by a Committer.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/24367#issuecomment-2784499541
More information about the security-dev
mailing list