-
Bug
-
Resolution: Fixed
-
P3
-
9
-
b96
-
generic
-
generic
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8149295 | 8u101 | Xuelei Fan | P3 | Resolved | Fixed | b01 |
JDK-8144307 | 8u92 | Sean Coffey | P3 | Resolved | Fixed | b03 |
JDK-8155440 | emb-8u101 | Xuelei Fan | P3 | Resolved | Fixed | b01 |
Per TLS ECC spec [section 5.3, RFC 4492],
ECDHE_ECDSA Certificate MUST contain an
ECDSA-capable public key. It
MUST be signed with ECDSA.
With current JDK RSA signed EC-key certs cannot be used for ECDHE_ECDSA cipher suites.
The restrictions on the algorithm used to sign certificates are relaxed
in TLS 1.2 [RFC 5246]. Certificate signature algorithms are no longer
tied to cipher suites. But we have not removed the restrictions in our
implementation yet.
ECDHE_ECDSA Certificate MUST contain an
ECDSA-capable public key. It
MUST be signed with ECDSA.
With current JDK RSA signed EC-key certs cannot be used for ECDHE_ECDSA cipher suites.
The restrictions on the algorithm used to sign certificates are relaxed
in TLS 1.2 [RFC 5246]. Certificate signature algorithms are no longer
tied to cipher suites. But we have not removed the restrictions in our
implementation yet.
- backported by
-
JDK-8144307 Don't tie Certificate signature algorithms to ciphersuites
-
- Resolved
-
-
JDK-8149295 Don't tie Certificate signature algorithms to ciphersuites
-
- Resolved
-
-
JDK-8155440 Don't tie Certificate signature algorithms to ciphersuites
-
- Resolved
-
- duplicates
-
JDK-8071858 Over-restrictive EC certificate checks in JSSE TLS 1.2
-
- Closed
-
- relates to
-
JDK-8133741 Unable to setup ECDHE_ECDSA cipher suites
-
- Closed
-