RFR: 8365820: Apply certificate scope constraints to algorithms in "signature_algorithms" extension when "signature_algorithms_cert" extension is not being sent [v6]
Artur Barashev
abarashev at openjdk.org
Mon Sep 22 20:55:11 UTC 2025
On Mon, 22 Sep 2025 08:19:13 GMT, Hai-May Chao <hchao at openjdk.org> wrote:
>> Artur Barashev has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains eight additional commits since the last revision:
>>
>> - Add a ticket number to unit tests
>> - Merge branch 'master' into JDK-8365820
>> - Add a server-side unit test. Rename existing tests.
>> - Update tests
>> - Revert "Include RSASSA-PKCS1-v1_5 and Legacy algorithms in signature_algorithms for TLSv1.3"
>>
>> This reverts commit adc236be4bcac11614e2741c99545aa593f6af5b.
>> - Merge branch 'master' into JDK-8365820
>> - Include RSASSA-PKCS1-v1_5 and Legacy algorithms in signature_algorithms for TLSv1.3
>> - 8365820: Apply certificate scope constraints to algorithms in "signature_algorithms" extension when "signature_algorithms_cert" extension is not being sent
>
> test/jdk/sun/security/ssl/SignatureScheme/DisableCertSignAlgsExtForServerTLS13.java line 131:
>
>> 129: // instead, depends on network setup.
>> 130: || ex instanceof SocketException));
>> 131: }
>
> Here for TLS 1.3, handshake always fails because SHA256withRSA is not allowed for client certificates. Would you consider adding a positive test for TLS 1.3 with a client certificate signed with RSASSA-PSS so we could test handshake will succeed as the client complies?
Actually SHA256withRSA is not allowed for handshake signatures in TLSv1.3, I made a mistake in the test's comment about it which is now corrected. Otherwise I have added a positive test case, good suggestion!
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/26887#discussion_r2370279948
More information about the security-dev
mailing list