Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8206925

Support the certificate_authorities extension

    XMLWordPrintable

Details

    Backports

      Description

        See TLS 1.3 specification, RFC 8446.
        "Certificate authorities (CAs) which an endpoint supports and which SHOULD be used by the receiving endpoint to guide certificate selection. ... The client MAY send the "certificate_authorities" extension in the ClientHello message. The server MAY send it in the CertificateRequest message."

        For TLS 1.2 and prior versions, the certificate selection is guided by the CertificateRequest. While TLS 1.3 move this function to the "certificate_authorities" extension.

        The current TLS 1.3 implementation does not support this function, as could lead to certificate selection improperly and thus compatibility issues if upgrade from TLS 1.2 to TLS 1.3.

        Attachments

          Issue Links

            backported by

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8249876 Support the certificate_authorities extension

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8250262 Support the certificate_authorities extension

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8257309 Support the certificate_authorities extension

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8259547 Support the certificate_authorities extension

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8262642 Support the certificate_authorities extension

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8264278 Support the certificate_authorities extension

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8265451 Support the certificate_authorities extension

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8272365 Support the certificate_authorities extension

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8248708 Support the certificate_authorities extension

            • P3 - Major loss of function.
            • Closed

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8255924 Support the certificate_authorities extension

            • P3 - Major loss of function.
            • Closed
            csr for

            CSR - null JDK-8244441 Support the certificate_authorities extension

            • P3 - Major loss of function.
            • Closed
            relates to

            Enhancement - null JDK-8245848 Document the certificate_authorities extension in JSSE Reference Guides

            • P3 - Major loss of function.
            • Resolved

            Bug - A problem which impairs or prevents the functions of the product. JDK-8272351 Mutual TLS has stopped working - client certificates using RSA SHA256 not found

            • P3 - Major loss of function.
            • In Progress

            Bug - A problem which impairs or prevents the functions of the product. JDK-8234727 sun/security/ssl/X509TrustManagerImpl tests support TLSv1.3

            • P4 - Minor loss of function, or other problem where easy workaround is present.
            • Resolved

            Bug - A problem which impairs or prevents the functions of the product. JDK-8252789 Empty client certificate issue during TLS handshake

            • P2 - Crashes, loss of data, severe memory leak.
            • Closed
            links to

            Commit Commit openjdk/jdk13u-dev/239e7275

            Review Review openjdk/jdk13u-dev/252

            Activity

              People

                xuelei Xuelei Fan
                xuelei Xuelei Fan
                Votes:
                0 Vote for this issue
                Watchers:
                13 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: