RFR: 8349583: Add mechanism to disable signature schemes based on their TLS scope [v21]
Artur Barashev
abarashev at openjdk.org
Mon Mar 31 14:12:26 UTC 2025
On Fri, 28 Mar 2025 20:08:40 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> Artur Barashev has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Update copyright year
>
> src/java.base/share/classes/sun/security/ssl/SignatureScheme.java line 221:
>
>> 219:
>> 220: // Handshake signature scope.
>> 221: public static final Set<SSLScope> HANDSHAKE_SCOPE =
>
> I think this constant and `CERTIFICATE_SCOPE` can be package-private.
Done, thanks!
> src/java.base/share/classes/sun/security/ssl/SignatureScheme.java line 554:
>
>> 552: // Returns true if this signature scheme is supported for the given
>> 553: // protocol version and SSL scopes.
>> 554: boolean isSupportedProtocol(ProtocolVersion version, Set<SSLScope> scopes) {
>
> I think this method and `isAllowed` can be private.
Done.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/23681#discussion_r2021126075
PR Review Comment: https://git.openjdk.org/jdk/pull/23681#discussion_r2021126283
More information about the security-dev
mailing list