RFR: 8373408: SHA1withECDSA is not required for ECDHE and ECDSA [v2]
Hai-May Chao
hchao at openjdk.org
Wed Jan 21 21:46:59 UTC 2026
> SunJSSE should not probe SHA1withECDSA signature availably when determining if elliptic curve cryptography is available, as it is deprecated and not required for ECDHE and ECDSA signature schemes. This change removes SHA1withECDSA from the EC availability probe. TLS signature scheme availability is validated later during handshake negotiation.
Hai-May Chao has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains two additional commits since the last revision:
- Merge
- 8373408: SHA1withECDSA is not required for ECDHE and ECDSA
-------------
Changes:
- all: https://git.openjdk.org/jdk/pull/29184/files
- new: https://git.openjdk.org/jdk/pull/29184/files/1f449b34..661c1f6d
Webrevs:
- full: https://webrevs.openjdk.org/?repo=jdk&pr=29184&range=01
- incr: https://webrevs.openjdk.org/?repo=jdk&pr=29184&range=00-01
Stats: 32061 lines in 627 files changed: 18317 ins; 6530 del; 7214 mod
Patch: https://git.openjdk.org/jdk/pull/29184.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/29184/head:pull/29184
PR: https://git.openjdk.org/jdk/pull/29184
More information about the security-dev
mailing list