Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8071858

Over-restrictive EC certificate checks in JSSE TLS 1.2

    XMLWordPrintable

Details

    • Bug
    • Resolution: Duplicate
    • P3
    • None
    • 7-pool, 8-pool, 9
    • security-libs
    • None

    Description

      See http://mail.openjdk.java.net/pipermail/security-dev/2015-January/011666.html

      Appendix A.7, RFC 5264:
         As described in Sections 7.4.2 and 7.4.6, the restrictions on the
         signature algorithms used to sign certificates are no longer tied to
         the cipher suite (when used by the server) or the
         ClientCertificateType (when used by the client). Thus, the
         restrictions on the algorithm used to sign certificates specified in
         Sections 2 and 3 of RFC 4492 are also relaxed. As in this document,
         the restrictions on the keys in the end-entity certificate remain.

      Attachments

        Issue Links

          Activity

            People

              xuelei Xuelei Fan
              xuelei Xuelei Fan
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: