Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8072046

REGRESSION: Difference in behavior between 8u25 and 7u72 when SSL certificates have the RSASSA-PSS signature algorithm

XMLWordPrintable


      Have noticed an unexpected difference in behavior between 8u25 and 8u31 for
      SSL. Client and server certificate s attached.

      The attached certificate works fine for 8u25, but in 8u31 we get the
      following in the ssl log output:

      %% Invalidated: [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
      main, SEND TLSv1.2 ALERT: fatal, description = certificate_unknown
      main, WRITE: TLSv1.2 Alert, length = 2
      [Raw write]: length = 7
      0000: 15 03 03 00 02 02 2E .......
      main, called closeSocket()
      main, handling exception: javax.net.ssl.SSLHandshakeException:
      java.security.cert.CertificateException: Certificates does not conform to
      algorithm constraints
      main, called close()
      main, called closeInternal(true)
      main, called close()
      main, called closeInternal(true)
      main, called close()
      main, called closeInternal(true)

        1. cn=mlssrv_p12format.zip
          8 kB
        2. command window log.txt
          119 kB
        3. Jre8u25_log.txt
          125 kB
        4. mlsclient_Verificationcert.der
          1 kB
        5. mlsserver_verification cert.der
          1 kB
        6. MLS server certs Der fomat.zip
          3 kB
        7. Rcli_JRE 7u72_log.txt
          163 kB
        8. stdout.log
          508 kB

            wetmore Bradford Wetmore
            shadowbug Shadow Bug
            Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

              Created:
              Updated:
              Resolved: