Integrated: 8349583: Add mechanism to disable signature schemes based on their TLS scope
Artur Barashev
abarashev at openjdk.org
Mon Mar 31 16:48:41 UTC 2025
On Tue, 18 Feb 2025 21:41:58 GMT, Artur Barashev <abarashev at openjdk.org> wrote:
> Currently when a signature scheme constraint is specified with "jdk.tls.disabledAlgorithms" property we don't differentiate between signatures used to sign a TLS handshake exchange and the signatures used in TLS certificates:
> https://datatracker.ietf.org/doc/html/rfc8446#section-4.2.3
This pull request has now been integrated.
Changeset: 9c06dcb4
Author: Artur Barashev <abarashev at openjdk.org>
URL: https://git.openjdk.org/jdk/commit/9c06dcb4396c3307d625663d92c0e11d794a56ea
Stats: 1271 lines in 21 files changed: 923 ins; 224 del; 124 mod
8349583: Add mechanism to disable signature schemes based on their TLS scope
Reviewed-by: mullan, ascarpino
-------------
PR: https://git.openjdk.org/jdk/pull/23681
More information about the security-dev
mailing list