RFR: 8373408: SHA1withECDSA is not required for ECDHE and ECDSA
Anthony Scarpino
ascarpino at openjdk.org
Tue Jan 20 21:10:41 UTC 2026
On Tue, 13 Jan 2026 07:47:15 GMT, Hai-May Chao <hchao at openjdk.org> wrote:
> SunJSSE should not probe SHA1withECDSA signature availably when determining if elliptic curve cryptography is available, as it is deprecated and not required for ECDHE and ECDSA signature schemes. This change removes SHA1withECDSA from the EC availability probe. TLS signature scheme availability is validated later during handshake negotiation.
Looks good to me.
-------------
Marked as reviewed by ascarpino (Reviewer).
PR Review: https://git.openjdk.org/jdk/pull/29184#pullrequestreview-3684291737
More information about the security-dev
mailing list