RFR: 8373408: SHA1withECDSA is not required for ECDHE and ECDSA
Hai-May Chao
hchao at openjdk.org
Tue Jan 13 07:55:32 UTC 2026
SunJSSE should not probe SHA1withECDSA signature availably when determining if elliptic curve cryptography is available, as it is deprecated and not required for ECDHE and ECDSA signature schemes. This change removes SHA1withECDSA from the EC availability probe. TLS signature scheme availability is validated later during handshake negotiation.
-------------
Commit messages:
- 8373408: SHA1withECDSA is not required for ECDHE and ECDSA
Changes: https://git.openjdk.org/jdk/pull/29184/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=29184&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8373408
Stats: 2 lines in 1 file changed: 0 ins; 1 del; 1 mod
Patch: https://git.openjdk.org/jdk/pull/29184.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/29184/head:pull/29184
PR: https://git.openjdk.org/jdk/pull/29184
More information about the security-dev
mailing list