RFR: 8349583: Add mechanism to disable signature schemes based on their TLS scope [v15]
Sean Mullan
mullan at openjdk.org
Mon Mar 10 19:42:54 UTC 2025
On Mon, 10 Mar 2025 18:25:04 GMT, Artur Barashev <abarashev at openjdk.org> wrote:
>> Currently when a signature scheme constraint is specified with "jdk.tls.disabledAlgorithms" property we don't differentiate between signatures used to sign a TLS handshake exchange and the signatures used in TLS certificates:
>> https://datatracker.ietf.org/doc/html/rfc8446#section-4.2.3
>
> Artur Barashev has updated the pull request incrementally with one additional commit since the last revision:
>
> Update constraint description
src/java.base/share/conf/security/java.security line 752:
> 750: # ampersand '&'. The usage type follows the keyword and more than one usage
> 751: # type can be specified with a whitespace delimiter.
> 752: # Example: "rsa_pkcs1_sha1 usage handshake"
Can you change "handshake" to "Handshake" to match the format (even though it is case-insensitive).
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/23681#discussion_r1987912839
More information about the security-dev
mailing list