RFR: 8349583: Add mechanism to disable signature schemes based on their TLS scope [v18]
Anthony Scarpino
ascarpino at openjdk.org
Wed Mar 19 18:44:10 UTC 2025
On Wed, 12 Mar 2025 17:26:30 GMT, Artur Barashev <abarashev at openjdk.org> wrote:
>> Currently when a signature scheme constraint is specified with "jdk.tls.disabledAlgorithms" property we don't differentiate between signatures used to sign a TLS handshake exchange and the signatures used in TLS certificates:
>> https://datatracker.ietf.org/doc/html/rfc8446#section-4.2.3
>
> Artur Barashev has updated the pull request incrementally with one additional commit since the last revision:
>
> Typo fix
src/java.base/share/classes/sun/security/util/DisabledAlgorithmConstraints.java line 822:
> 820: }
> 821: this.scopes.add(scope);
> 822: } else {
extra whitespace
test/jdk/sun/security/ssl/SignatureScheme/AbstractCheckSignatureSchemes.java line 2:
> 1: /*
> 2: * Copyright (c) 2021, 2025, Oracle and/or its affiliates. All rights reserved.
Since this is a new file, it only needs 2025
test/jdk/sun/security/ssl/SignatureScheme/AbstractCheckSignatureSchemes.java line 135:
> 133: int type = Byte.toUnsignedInt(tlsRecord.get());
> 134: int ver_major = Byte.toUnsignedInt(tlsRecord.get());
> 135: int ver_minor = Byte.toUnsignedInt(tlsRecord.get());
These 3 variables appear to not be used.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/23681#discussion_r1999795413
PR Review Comment: https://git.openjdk.org/jdk/pull/23681#discussion_r2001787345
PR Review Comment: https://git.openjdk.org/jdk/pull/23681#discussion_r2002149066
More information about the security-dev
mailing list