RFR: 8365820: Apply certificate scope constraints to algorithms in "signature_algorithms" extension when "signature_algorithms_cert" extension is not being sent [v4]

Nibedita Jena duke at openjdk.org
Tue Aug 26 05:24:36 UTC 2025 

On Mon, 25 Aug 2025 18:18:01 GMT, Artur Barashev <abarashev at openjdk.org> wrote:

>> [JDK-8349583](https://bugs.openjdk.org/browse/JDK-8349583) implementation assumes that OpenJDK client always sends "signature_algorithms_cert" extension together with "signature_algorithms" extension. But we didn't account for `jdk.tls.client.disableExtensions` and `jdk.tls.server.disableExtensions` system properties which can disable producing "signature_algorithms_cert" extension. This is an issue similar to [JDK-8355779](https://bugs.openjdk.org/browse/JDK-8355779) but on the extension producing side.
>> 
>> Per TLSv1.3 RFC:
>> 
>>>  If no "signature_algorithms_cert" extension is
>>>    present, then the "signature_algorithms" extension also applies to
>>>    signatures appearing in certificates.
>> 
>> Also making a few cosmetic changes to the existing code.
>
> Artur Barashev has updated the pull request incrementally with two additional commits since the last revision:
> 
>  - Update tests
>  - Revert "Include RSASSA-PKCS1-v1_5 and Legacy algorithms in signature_algorithms for TLSv1.3"
>    
>    This reverts commit adc236be4bcac11614e2741c99545aa593f6af5b.

test/jdk/sun/security/ssl/SignatureScheme/DisableSignatureSchemePerScopeTLS12.java line 131:

> 129:         // signature_algorithms_cert extension MUST contain disabled
> 130:         // handshake signature scheme.
> 131:         assertTrue(sigAlgsCertSS.contains(HANDSHAKE_DISABLED_SIG),

If `jdk.tls.client.disableExtensions=signature_algorithms_cert` is used, then the given extension wont be present, it will fail here

test/jdk/sun/security/ssl/SignatureScheme/DisableSignatureSchemePerScopeTLS12.java line 138:

> 136:         // signature_algorithms_cert extension MUST NOT contain disabled
> 137:         // certificate signature scheme.
> 138:         assertFalse(sigAlgsCertSS.contains(CERTIFICATE_DISABLED_SIG),

If `jdk.tls.client.disableExtensions=signature_algorithms_cert` is used, then the given extension wont be present, it will fail here

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/26887#discussion_r2299811551
PR Review Comment: https://git.openjdk.org/jdk/pull/26887#discussion_r2299812171

More information about the security-dev mailing list