Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8072046

REGRESSION: Difference in behavior between 8u25 and 7u72 when SSL certificates have the RSASSA-PSS signature algorithm

XMLWordPrintable


      Have noticed an unexpected difference in behavior between 8u25 and 8u31 for
      SSL. Client and server certificate s attached.

      The attached certificate works fine for 8u25, but in 8u31 we get the
      following in the ssl log output:

      %% Invalidated: [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
      main, SEND TLSv1.2 ALERT: fatal, description = certificate_unknown
      main, WRITE: TLSv1.2 Alert, length = 2
      [Raw write]: length = 7
      0000: 15 03 03 00 02 02 2E .......
      main, called closeSocket()
      main, handling exception: javax.net.ssl.SSLHandshakeException:
      java.security.cert.CertificateException: Certificates does not conform to
      algorithm constraints
      main, called close()
      main, called closeInternal(true)
      main, called close()
      main, called closeInternal(true)
      main, called close()
      main, called closeInternal(true)

        1. stdout.log
          508 kB
        2. Rcli_JRE 7u72_log.txt
          163 kB
        3. MLS server certs Der fomat.zip
          3 kB
        4. mlsserver_verification cert.der
          1 kB
        5. mlsclient_Verificationcert.der
          1 kB
        6. Jre8u25_log.txt
          125 kB
        7. command window log.txt
          119 kB
        8. cn=mlssrv_p12format.zip
          8 kB

            wetmore Bradford Wetmore
            shadowbug Shadow Bug
            Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

              Created:
              Updated:
              Resolved: