RFR: 8350807: Certificates using MD5 algorithm that are disabled by default are incorrectly allowed in TLSv1.3 when re-enabled [v2]

Artur Barashev abarashev at openjdk.org
Fri Apr 11 16:09:08 UTC 2025


> The MD5 algorithm is prohibited by the TLSv1.3 RFC from being used in certificates:
> 
> Any endpoint receiving any certificate which it would need to
> validate using any signature algorithm using an MD5 hash MUST abort
> the handshake with a "bad_certificate" alert.
> 
> The bug manifests itself when older versions of the protocol are supported besides TLSv1.3, such as TLSv1.2. When multiple protocol versions are supported, both client and server calculate their respective SSLSession's "localSupportedSignAlgs" based on the supported signature algorithms for all active protocols and don't update it when the negotiated protocol is established. Then the "localSupportedSignAlgs" list is used to validate the certificate's algorithm.
> 
> While we disable "MD5withRSA" in the java.security config, the MD5 algorithm should not be allowed in TLSv1.3 regardless of optional configuration.

Artur Barashev has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains nine additional commits since the last revision:

 - Merge branch 'master' into JDK-8350807
 - Cosmetic test changes
 - Optimize imports
 - A couple of typo fixes
 - Abort the handshake with a bad_certificate alert on MD5 and SHA1
 - Update test run directive. Remove unnecessary comments
 - Update unit test
 - Unit test
 - 8350807: Certificates using MD5 algorithm that are disabled by default are incorrectly allowed in TLSv1.3 when re-enabled

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/24425/files
  - new: https://git.openjdk.org/jdk/pull/24425/files/28f12786..134a3264

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=24425&range=01
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=24425&range=00-01

  Stats: 58077 lines in 1239 files changed: 32407 ins; 21258 del; 4412 mod
  Patch: https://git.openjdk.org/jdk/pull/24425.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/24425/head:pull/24425

PR: https://git.openjdk.org/jdk/pull/24425
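The negotiation flaw described in the PR text above, modelled as an added example. This is constructed code, not JDK code and not the PR's patch: the protocol and signature-algorithm tables are illustrative subsets using JCA-style names, the function names are assumptions, and "disabled" stands in for the java.security disabled-algorithms setting. With fixed=False the list is the union over all active protocols computed before negotiation and never revisited, which is the behaviour the PR describes; with fixed=True it is recomputed from the negotiated protocol and the RFC 8446 MD5 rule is applied before any configuration is consulted.

```python
# Added example (not JDK code, not the PR's patch): a model of how a
# "localSupportedSignAlgs" list computed across all enabled protocols lets an
# MD5-signed certificate through under TLSv1.3, and how recomputing it from
# the negotiated protocol (plus an unconditional MD5 check) closes the gap.
# The tables below are constructed, illustrative subsets with JCA-style names.

SUPPORTED_SIGN_ALGS = {
    "TLSv1.2": ("SHA256withRSA", "SHA1withRSA", "MD5withRSA"),
    "TLSv1.3": ("SHA256withRSA", "SHA256withECDSA"),
}

# Stands in for the default java.security configuration: MD5withRSA disabled.
DEFAULT_DISABLED = frozenset({"MD5withRSA"})

# Hashes that RFC 8446 section 4.4.2.4 forbids in certificate signatures under
# TLS 1.3 regardless of local configuration. Extend this set if SHA-1 is to be
# treated the same way, as the commit list above mentions.
TLS13_FORBIDDEN_HASHES = frozenset({"MD5"})


class BadCertificateAlert(Exception):
    """Stands in for aborting the handshake with a bad_certificate alert."""


def hash_of(sig_alg: str) -> str:
    """'MD5withRSA' -> 'MD5' for JCA-style signature algorithm names."""
    return sig_alg.split("with", 1)[0].upper()


def negotiate(client_protocols, server_protocols) -> str:
    """Pick the highest version both sides enable.

    String comparison is enough for the 'TLSv1.x' names used in this model."""
    common = set(client_protocols) & set(server_protocols)
    if not common:
        raise ValueError("no common protocol version")
    return max(common)


def local_supported_sign_algs_buggy(active_protocols, disabled) -> tuple:
    """Pre-fix behaviour: one list built from every active protocol before
    negotiation and never recomputed afterwards."""
    algs = []
    for proto in active_protocols:
        for alg in SUPPORTED_SIGN_ALGS[proto]:
            if alg not in disabled and alg not in algs:
                algs.append(alg)
    return tuple(algs)


def local_supported_sign_algs_fixed(negotiated, disabled) -> tuple:
    """Post-fix behaviour: the list depends only on the negotiated protocol."""
    return tuple(a for a in SUPPORTED_SIGN_ALGS[negotiated] if a not in disabled)


def validate_cert_signature(cert_sig_alg, negotiated, active_protocols,
                            disabled=DEFAULT_DISABLED, fixed=True) -> bool:
    """Accept the peer certificate's signature algorithm or raise
    BadCertificateAlert. active_protocols is the validating endpoint's own
    enabled set (only consulted by the buggy path)."""
    if fixed:
        # RFC rule first: no configuration may re-enable MD5 under TLS 1.3.
        if negotiated == "TLSv1.3" and hash_of(cert_sig_alg) in TLS13_FORBIDDEN_HASHES:
            raise BadCertificateAlert(f"{cert_sig_alg} is forbidden under {negotiated}")
        allowed = local_supported_sign_algs_fixed(negotiated, disabled)
    else:
        allowed = local_supported_sign_algs_buggy(active_protocols, disabled)
    if cert_sig_alg not in allowed:
        raise BadCertificateAlert(f"{cert_sig_alg} not in {allowed} for {negotiated}")
    return True


def handshake_outcome(cert_sig_alg, client_protocols, server_protocols,
                      disabled=DEFAULT_DISABLED, fixed=True) -> str:
    """Negotiate, then validate the certificate as the client would; return
    'accepted' or 'bad_certificate' (the alert the peer would see)."""
    negotiated = negotiate(client_protocols, server_protocols)
    try:
        validate_cert_signature(cert_sig_alg, negotiated, client_protocols,
                                disabled, fixed)
        return "accepted"
    except BadCertificateAlert:
        return "bad_certificate"


if __name__ == "__main__":
    both = ("TLSv1.3", "TLSv1.2")
    reenabled = frozenset()  # operator removed MD5withRSA from the disabled list
    # Bug: both versions enabled, TLSv1.3 negotiated, the MD5 cert slips through.
    print(handshake_outcome("MD5withRSA", both, both, reenabled, fixed=False))
    # Fix: same inputs, handshake aborted with bad_certificate.
    print(handshake_outcome("MD5withRSA", both, both, reenabled, fixed=True))
    # Under TLSv1.2 the re-enabled algorithm is still honoured.
    print(handshake_outcome("MD5withRSA", both, ("TLSv1.2",), reenabled, fixed=True))
```

The ordering in the fixed path is the point: the RFC check runs before the configured list is consulted, so re-enabling MD5withRSA in java.security changes what TLSv1.2 accepts but cannot change what TLSv1.3 accepts.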


More information about the security-dev mailing list