RFR: 8349583: Add mechanism to disable signature schemes based on their TLS scope [v3]
Artur Barashev
abarashev at openjdk.org
Mon Feb 24 18:20:53 UTC 2025
On Mon, 24 Feb 2025 17:34:42 GMT, Artur Barashev <abarashev at openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/ssl/SignatureScheme.java line 223:
>>
>>> 221: // Handshake signature scope
>>> 222: public static final Set<SSLCryptoScope> HANDSHAKE_SCOPE =
>>> 223: Collections.unmodifiableSet(EnumSet.of(SSLCryptoScope.HANDSHAKE));
>>
>> I think you get the same with `Set.of(SSLCryptoScope.HANDSHAKE)`
>
> Yes, looks that way. I just re-used the collections type that was used before in this code. Actually `Set.of` utilizes stricter `ImmutableCollections` as opposed to the current `UnmodifiableCollection`.

On second thought: `Set.of` was introduced in 2015, so it's not available in Java 8; this might be a problem when backporting this code.

@seanjmullan what are your thoughts about this?

-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/23681#discussion_r1968189436
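
The behavioural difference between the two forms discussed in this message, as an added example that is not part of the original message or of the JDK source. The enum is a local stand-in for the JDK-internal `SSLCryptoScope`, its `OTHER` constant is constructed for the demo, and `Set.of`/`List.of` require Java 9 or later.

```java
import java.util.Collections;
import java.util.EnumSet;
import java.util.List;
import java.util.Set;

public class ScopeSetDemo {
    // Local stand-in for the JDK-internal SSLCryptoScope; OTHER is a constructed constant.
    enum SSLCryptoScope { HANDSHAKE, OTHER }

    // Describes what happens when a caller tries to add to the set.
    static String tryAdd(Set<SSLCryptoScope> s) {
        try {
            s.add(SSLCryptoScope.OTHER);
            return "modified";
        } catch (UnsupportedOperationException e) {
            return "UnsupportedOperationException";
        }
    }

    // Describes what a null lookup does; the two implementations disagree here.
    static String containsNull(Set<SSLCryptoScope> s) {
        try {
            return String.valueOf(s.contains(null));
        } catch (NullPointerException e) {
            return "NullPointerException";
        }
    }

    public static void main(String[] args) {
        // Form in the patch: a read-only view over an EnumSet (works on Java 8).
        EnumSet<SSLCryptoScope> backing = EnumSet.of(SSLCryptoScope.HANDSHAKE);
        Set<SSLCryptoScope> view = Collections.unmodifiableSet(backing);
        // Form suggested in review: an immutable set (Java 9+ only).
        Set<SSLCryptoScope> fixed = Set.of(SSLCryptoScope.HANDSHAKE);

        for (Set<SSLCryptoScope> s : List.of(view, fixed)) {
            System.out.println(s.getClass().getSimpleName() + " add: " + tryAdd(s)
                    + ", contains(null): " + containsNull(s));
        }

        // The wrapper is only a view: whoever holds the backing set can still change it.
        // The patch creates the EnumSet inline, so no such reference exists there.
        backing.add(SSLCryptoScope.OTHER);
        System.out.println("view sees OTHER after backing.add: "
                + view.contains(SSLCryptoScope.OTHER));
        System.out.println("Set.of sees OTHER: " + fixed.contains(SSLCryptoScope.OTHER));
    }
}
```

Both sets reject `add`, but a null lookup returns `false` on the `EnumSet` view and throws on the `Set.of` instance, which matters if any caller of the scope constant passes a possibly-null value to `contains`.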