JDK-8206925

Support the certificate_authorities extension

      Description

        See TLS 1.3 specification, RFC 8446.
        "Certificate authorities (CAs) which an endpoint supports and which SHOULD be used by the receiving endpoint to guide certificate selection. ... The client MAY send the "certificate_authorities" extension in the ClientHello message. The server MAY send it in the CertificateRequest message."

        For TLS 1.2 and prior versions, certificate selection is guided by the CertificateRequest message, while TLS 1.3 moves this function to the "certificate_authorities" extension.

        The current TLS 1.3 implementation does not support this function, which could lead to improper certificate selection and thus compatibility issues when upgrading from TLS 1.2 to TLS 1.3.
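
To make the selection step concrete, here is an added example (not code from the JDK or from this issue) that encodes and parses the extension body as laid out in RFC 8446, section 4.2.4, then filters candidate credentials by issuer. The class name, method names, aliases and distinguished names are hypothetical and constructed for illustration.

```java
import java.nio.ByteBuffer;
import java.util.*;
import javax.security.auth.x500.X500Principal;

public class CertificateAuthoritiesDemo {
    // extension_data layout: a 2-byte total length, then one or more DistinguishedName
    // entries, each a 2-byte length followed by a DER-encoded X.501 Name.
    static byte[] encode(List<X500Principal> cas) {
        int total = 0;
        for (X500Principal ca : cas) total += 2 + ca.getEncoded().length;
        ByteBuffer buf = ByteBuffer.allocate(2 + total).putShort((short) total);
        for (X500Principal ca : cas) {
            byte[] der = ca.getEncoded();
            buf.putShort((short) der.length).put(der);
        }
        return buf.array();
    }

    // Decode extension_data, rejecting any length that disagrees with the bytes present.
    static List<X500Principal> parse(byte[] data) {
        ByteBuffer buf = ByteBuffer.wrap(data);
        if (buf.remaining() < 2) throw new IllegalArgumentException("truncated list length");
        int listLen = buf.getShort() & 0xFFFF;
        if (listLen < 3 || listLen != buf.remaining())
            throw new IllegalArgumentException("bad authorities length");
        List<X500Principal> cas = new ArrayList<>();
        while (buf.hasRemaining()) {
            if (buf.remaining() < 2) throw new IllegalArgumentException("truncated DN length");
            int dnLen = buf.getShort() & 0xFFFF;
            if (dnLen < 1 || dnLen > buf.remaining())
                throw new IllegalArgumentException("bad DN length");
            byte[] der = new byte[dnLen];
            buf.get(der);
            cas.add(new X500Principal(der)); // throws IllegalArgumentException on malformed DER
        }
        return cas;
    }

    // Pick the first credential whose issuer the peer listed (alias -> issuer DN map is constructed).
    static Optional<String> choose(Map<String, X500Principal> issuerByAlias, List<X500Principal> cas) {
        return issuerByAlias.entrySet().stream()
                .filter(e -> cas.contains(e.getValue())).map(Map.Entry::getKey).findFirst();
    }

    public static void main(String[] args) {
        // Constructed sample: two credentials, and a peer that lists only "Example Corp CA".
        Map<String, X500Principal> creds = new LinkedHashMap<>();
        creds.put("legacy", new X500Principal("CN=Old Internal CA,O=Example"));
        creds.put("corp", new X500Principal("CN=Example Corp CA,O=Example"));
        byte[] ext = encode(List.of(new X500Principal("CN=Example Corp CA,O=Example")));
        System.out.println(choose(creds, parse(ext)));
    }
}
```

An endpoint that ignores the extension has no CA list to filter on, so with several credentials in the key store it can present one the peer does not trust.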


              People

                xuelei Xuelei Fan