Integrated: 8340321: Disable SHA-1 in TLS/DTLS 1.2 handshake signatures
Artur Barashev
abarashev at openjdk.org
Tue Apr 8 13:05:35 UTC 2025
On Tue, 1 Apr 2025 20:53:01 GMT, Artur Barashev <abarashev at openjdk.org> wrote:
> Disable SHA-1 in TLS/DTLS 1.2 handshake signatures (but not in certificate signatures).
> https://www.rfc-editor.org/rfc/rfc9155.html
>
> Also fixing a little TLSv1.3 spec violation bug: ECDSA_SHA1 should not be allowed for handshake signatures in TLSv1.3.
This pull request has now been integrated.
Changeset: dfa79c37
Author: Artur Barashev <abarashev at openjdk.org>
Committer: Sean Mullan <mullan at openjdk.org>
URL: https://git.openjdk.org/jdk/commit/dfa79c373097d17a347b7c17103c57e12f59dc67
Stats: 249 lines in 5 files changed: 246 ins; 0 del; 3 mod
8340321: Disable SHA-1 in TLS/DTLS 1.2 handshake signatures
Reviewed-by: mullan
-------------
PR: https://git.openjdk.org/jdk/pull/24367
More information about the security-dev
mailing list