RFR: 8349583: Add mechanism to disable signature schemes based on their TLS scope [v8]
Artur Barashev
abarashev at openjdk.org
Thu Feb 27 19:42:22 UTC 2025
> Currently when a signature scheme constraint is specified with "jdk.tls.disabledAlgorithms" property we don't differentiate between signatures used to sign a TLS handshake exchange and the signatures used in TLS certificates:
> https://datatracker.ietf.org/doc/html/rfc8446#section-4.2.3
Artur Barashev has updated the pull request incrementally with two additional commits since the last revision:
- - Check signature schemes anables specifically for the handshake when HANDSHAKE_SCOPE is specified
- Update copyright
- Revert "Restore original arguments for getSupportedAlgorithms() calls"
This reverts commit 4b335619ee6a79a6f609fe98c5339588a6a1342a.
-------------
Changes:
- all: https://git.openjdk.org/jdk/pull/23681/files
- new: https://git.openjdk.org/jdk/pull/23681/files/4b335619..9b3fea00
Webrevs:
- full: https://webrevs.openjdk.org/?repo=jdk&pr=23681&range=07
- incr: https://webrevs.openjdk.org/?repo=jdk&pr=23681&range=06-07
Stats: 186 lines in 18 files changed: 64 ins; 67 del; 55 mod
Patch: https://git.openjdk.org/jdk/pull/23681.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/23681/head:pull/23681
PR: https://git.openjdk.org/jdk/pull/23681
More information about the security-dev
mailing list