RFR: 8349583: Add mechanism to disable signature schemes based on their TLS scope [v14]
Artur Barashev
abarashev at openjdk.org
Mon Mar 10 18:25:07 UTC 2025
On Fri, 7 Mar 2025 18:48:59 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> Artur Barashev has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Move SSLScope class description below the package
>
> src/java.base/share/conf/security/java.security line 747:
>
>> 745: #
>> 746: # Handshake restricts the use of the algorithm in TLS handshake signatures.
>> 747: # Certificate restricts the use of the algorithm in certificate signatures.
>
> I think we should repeat this sentence from the "UsageConstraint" definition in the `jdk.certpath.disabledAlgorithms` property: "The usage type follows the keyword and more than one usage type can be specified with a whitespace delimiter."
>
> (This will also help address Joe's comment on the CSR).
Done, thanks! Updated CSR as well.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/23681#discussion_r1987807778
More information about the security-dev
mailing list