Details
-
Bug
-
Resolution: Fixed
-
P3
-
None
-
b66
-
Verified
Backports
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8084263 | emb-9 | Jason Uh | P3 | Resolved | Fixed | team |
| JDK-8240159 | openjdk8u252 | Unassigned | P3 | Resolved | Fixed | b05 |
Description
XML Signature 1.1 recommends that implementations support ECDSA over the P-384 and P-521 prime curves; see http://www.w3.org/TR/xmldsig-core1/#sec-ECDSA.
We used to support these curves (as well as the required P-256 curve); however the implementation was dependent on internal APIs which changed and inadvertantly broke the behavior. So, we removed the dependency on the internal APIs inJDK-8046724 but we only added support for P-256.
We should also restore the behavior for P-384 and P-521 as technically this is a regression. Not supporting these is not good for interoperability as other vendors already support them; for more details see the XML Signature 1.1 Interop Test Report: http://www.w3.org/TR/xmldsig-core1-interop/
We used to support these curves (as well as the required P-256 curve); however the implementation was dependent on internal APIs which changed and inadvertantly broke the behavior. So, we removed the dependency on the internal APIs in
We should also restore the behavior for P-384 and P-521 as technically this is a regression. Not supporting these is not good for interoperability as other vendors already support them; for more details see the XML Signature 1.1 Interop Test Report: http://www.w3.org/TR/xmldsig-core1-interop/
Attachments
Issue Links
- backported by
-
JDK-8084263 Add support for ECDSA P-384 and P-521 curves to XML Signature
-
- Resolved
-
-
-
- Resolved
-
- relates to
-
-
- Closed
-