RFR: 8366364: Return enabled signature schemes with SSLConfiguration#getSSLParameters() call [v3]
Artur Barashev
abarashev at openjdk.org
Wed Oct 29 23:00:39 UTC 2025
On Wed, 29 Oct 2025 14:28:08 GMT, Artur Barashev <abarashev at openjdk.org> wrote:
>>> On the closer look, I think filtering named groups is better to be dealt with as a separate issue. Removing namedGroup changes and renaming the ticket.
>>
>> Ok, that's a good idea.
>>
>> Would it be possible to add, or extend an existing test to check that `SSLParameters.getSignatureSchemes()` now returns the default schemes if the property is not set, and excludes schemes that are disabled?
>
> Sure, good idea to add a test. Basically we are replacing `null` pointer with `SupportedSigSchemes.DEFAULT` pointer but those values are not being used other than to return with `SSLConfiguration#getSSLParameters()` call. This is unlike `NamedGroup.SupportedGroups.namedGroups` values which are being (needlessly) looked up again and used in `NamedGroup` class. I've created JDK-8370885 to deal with it separately.
Unit test added.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/27961#discussion_r2475875263
More information about the security-dev
mailing list