JDK-8206925

Support the certificate_authorities extension

        See TLS 1.3 specification, RFC 8446.
        "Certificate authorities (CAs) which an endpoint supports and which SHOULD be used by the receiving endpoint to guide certificate selection. ... The client MAY send the "certificate_authorities" extension in the ClientHello message. The server MAY send it in the CertificateRequest message."

        For TLS 1.2 and prior versions, certificate selection is guided by the CertificateRequest, while TLS 1.3 moves this function to the "certificate_authorities" extension.

        The current TLS 1.3 implementation does not support this function, which could lead to improper certificate selection, and thus compatibility issues, when upgrading from TLS 1.2 to TLS 1.3.

              xuelei Xuelei Fan
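
The wire format behind the quoted RFC 8446 text, as an added example (not code from the JDK or from this issue): it decodes a "certificate_authorities" extension body into X.500 names, the same kind of value an `X509KeyManager` receives as `issuers`, and checks which local credentials match. The class name, aliases and CA names are constructed, and only the direct issuer is compared rather than the full chain.

```java
import java.nio.ByteBuffer;
import java.util.*;
import javax.security.auth.x500.X500Principal;

public class CertificateAuthoritiesDemo {
    // Decode extension_data (RFC 8446, 4.2.4): uint16 list length, then uint16-prefixed DER names.
    static List<X500Principal> parse(byte[] data) {
        ByteBuffer buf = ByteBuffer.wrap(data);
        if (buf.remaining() < 2) throw new IllegalArgumentException("truncated extension");
        int listLen = buf.getShort() & 0xFFFF;
        // authorities<3..2^16-1>: at least one non-empty name, no trailing bytes.
        if (listLen < 3 || listLen != buf.remaining())
            throw new IllegalArgumentException("bad authorities length: " + listLen);
        List<X500Principal> authorities = new ArrayList<>();
        while (buf.hasRemaining()) {
            if (buf.remaining() < 2) throw new IllegalArgumentException("truncated name length");
            int dnLen = buf.getShort() & 0xFFFF;
            if (dnLen < 1 || dnLen > buf.remaining())
                throw new IllegalArgumentException("bad DistinguishedName length: " + dnLen);
            byte[] der = new byte[dnLen];
            buf.get(der);
            authorities.add(new X500Principal(der)); // also rejects invalid DER
        }
        return authorities;
    }

    // Encode names into extension_data; used here only to build the sample input.
    static byte[] encode(X500Principal... names) {
        int total = 0;
        for (X500Principal n : names) total += 2 + n.getEncoded().length;
        ByteBuffer out = ByteBuffer.allocate(2 + total).putShort((short) total);
        for (X500Principal n : names) {
            byte[] der = n.getEncoded();
            out.putShort((short) der.length).put(der);
        }
        return out.array();
    }

    public static void main(String[] args) {
        // Constructed sample: the peer names one CA; the local store holds two credentials.
        byte[] ext = encode(new X500Principal("CN=Example Root CA,O=Constructed"));
        List<X500Principal> accepted = parse(ext);
        Map<String, X500Principal> issuerByAlias = new LinkedHashMap<>();
        issuerByAlias.put("legacy", new X500Principal("CN=Other CA,O=Constructed"));
        issuerByAlias.put("current", new X500Principal("CN=Example Root CA,O=Constructed"));
        issuerByAlias.forEach((alias, issuer) ->
            System.out.println(alias + " acceptable=" + accepted.contains(issuer)));
    }
}
```

Without the extension, the list of acceptable names is empty and both aliases look equally valid, which is the improper-selection risk the issue describes.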