RFR: 8349583: Add mechanism to disable signature schemes based on their TLS scope [v9]
Artur Barashev
abarashev at openjdk.org
Thu Feb 27 19:53:26 UTC 2025
> Currently when a signature scheme constraint is specified with "jdk.tls.disabledAlgorithms" property we don't differentiate between signatures used to sign a TLS handshake exchange and the signatures used in TLS certificates:
> https://datatracker.ietf.org/doc/html/rfc8446#section-4.2.3
Artur Barashev has refreshed the contents of this pull request, and previous commits have been removed. The incremental views will show differences compared to the previous content of the PR. The pull request contains one new commit since the last revision:
- Check signature schemes that are enabled specifically for the handshake when HANDSHAKE_SCOPE is specified
- Update copyright
- Update HTTPS tests that are broken because we also fix JDK-8350807 on the server side as a side-effect
-------------
Changes:
- all: https://git.openjdk.org/jdk/pull/23681/files
- new: https://git.openjdk.org/jdk/pull/23681/files/9b3fea00..21c6057e
Webrevs:
- full: https://webrevs.openjdk.org/?repo=jdk&pr=23681&range=08
- incr: https://webrevs.openjdk.org/?repo=jdk&pr=23681&range=07-08
Stats: 0 lines in 0 files changed: 0 ins; 0 del; 0 mod
Patch: https://git.openjdk.org/jdk/pull/23681.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/23681/head:pull/23681
PR: https://git.openjdk.org/jdk/pull/23681
More information about the security-dev
mailing list