RFR: JDK-8263188: JSSE should fail fast if there isn't supported signature algorithm [v2]
John Jiang
jjiang at openjdk.java.net
Tue Mar 16 23:21:40 UTC 2021
> If signature_algorithms extension is present, but the algorithms are unreconginzed or unsupported, JSSE peers should send fatal alert immediately.
> For example, in this case, it's unnecssary to try to produce ServerHello, Certificate and ServerKeyExchange messages.
John Jiang has updated the pull request incrementally with one additional commit since the last revision:
TLSv1.2 CertificateRequest could fail fast if no common signature scheme and add two tests for TLSv1.2 and TLSv1.3 respectively
-------------
Changes:
- all: https://git.openjdk.java.net/jdk/pull/2876/files
- new: https://git.openjdk.java.net/jdk/pull/2876/files/bed8a7b7..a0552d45
Webrevs:
- full: https://webrevs.openjdk.java.net/?repo=jdk&pr=2876&range=01
- incr: https://webrevs.openjdk.java.net/?repo=jdk&pr=2876&range=00-01
Stats: 485 lines in 5 files changed: 473 ins; 0 del; 12 mod
Patch: https://git.openjdk.java.net/jdk/pull/2876.diff
Fetch: git fetch https://git.openjdk.java.net/jdk pull/2876/head:pull/2876
PR: https://git.openjdk.java.net/jdk/pull/2876
More information about the security-dev
mailing list