RFR: 8366364: Return enabled signature schemes with SSLConfiguration#getSSLParameters() call [v3]
Artur Barashev
abarashev at openjdk.org
Wed Oct 29 14:30:49 UTC 2025
On Wed, 29 Oct 2025 13:48:45 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> On the closer look, I think filtering named groups is better to be dealt with as a separate issue. Removing namedGroup changes and renaming the ticket.
>
>> On the closer look, I think filtering named groups is better to be dealt with as a separate issue. Removing namedGroup changes and renaming the ticket.
>
> Ok, that's a good idea.
>
> Would it be possible to add, or extend an existing test to check that `SSLParameters.getSignatureSchemes()` now returns the default schemes if the property is not set, and excludes schemes that are disabled?
Sure, good idea to add a test. Basically we are replacing `null` pointer with `SupportedSigSchemes.DEFAULT` pointer but those values are not being used other than to return with `SSLConfiguration#getSSLParameters()` call. This is unlike `NamedGroup.SupportedGroups.namedGroups` values which are being (needlessly) looked up again and used in `NamedGroup` class. I've created JDK-8370885 to deal with it separately.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/27961#discussion_r2473451711
More information about the security-dev
mailing list