JDK-8245536

New System Properties to configure the TLS signature schemes

    • behavioral
    • minimal
    • No expected compatibility risks
    • System or security property
    • JDK

      Summary

      Request to add new System Properties for customizing signature schemes in TLS connections in the JDK.

      No technical differences from JDK 15 CSR, JDK-8242145.

      Problem

      A third party's TLS implementation may not be able to handle certain signature schemes, and so cannot interoperate with the JDK. Although such an implementation does not comply with the TLS specifications, the impact could be significant if an application that uses the implementation is popular.

      Solution

      A workaround to customize the signature schemes is needed to interoperate with a third party's TLS implementation.

      With this update, two System Properties will be added to customize the signature schemes used in the SunJSSE provider.

      Specification

      1. New System Property: jdk.tls.client.SignatureSchemes

        This System Property contains a comma-separated list of supported signature scheme names, which specifies the signature schemes that could be used on the TLS client side. The names are not case-sensitive and are described in the "Signature Schemes" section of the Java Security Standard Algorithm Names Specification. Unrecognized or unsupported signature scheme names specified in the property are ignored.

        If the System Property value is not defined (JDK default value) or empty, the provider-specific default is used.

      2. New System Property: jdk.tls.server.SignatureSchemes

        This System Property contains a comma-separated list of supported signature scheme names, which specifies the signature schemes that could be used on the TLS server side. The names are not case-sensitive and are described in the "Signature Schemes" section of the Java Security Standard Algorithm Names Specification. Unrecognized or unsupported signature scheme names specified in the property are ignored.

        If the System Property value is not defined (JDK default value) or empty, the provider-specific default is used.

      3. Document the System Properties in the JSSE Reference Guide.

      Note that the System Properties are currently used by the SunJSSE provider, but they are not guaranteed to be examined and used by other implementations. If they are examined by another implementation, then that implementation should handle them in the same manner as the SunJSSE provider does.
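One way to confirm that jdk.tls.client.SignatureSchemes took effect, without a network peer: generate a ClientHello with an SSLEngine and read back the code points offered in its signature_algorithms extension. This is an added example, not code from the CSR or the JDK; the class name, the host name example.invalid and the two scheme names chosen are assumptions for illustration.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.nio.ByteBuffer;
import java.util.ArrayList;
import java.util.List;

public class ClientSigSchemesCheck {   // hypothetical class name
    public static void main(String[] args) throws Exception {
        // Set before any JSSE class is used; passing
        // -Djdk.tls.client.SignatureSchemes=... on the command line avoids ordering issues.
        // The two names are sample values from the Standard Algorithm Names list.
        System.setProperty("jdk.tls.client.SignatureSchemes",
                "ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256");

        // "example.invalid" is a placeholder peer; nothing is sent on the network.
        SSLEngine engine = SSLContext.getDefault().createSSLEngine("example.invalid", 443);
        engine.setUseClientMode(true);
        ByteBuffer out = ByteBuffer.allocate(engine.getSession().getPacketBufferSize());
        engine.wrap(ByteBuffer.allocate(0), out);   // first wrap() emits the ClientHello record
        out.flip();
        System.out.println("signature_algorithms offered: " + offeredSchemes(out));
    }

    // Walks a ClientHello record and returns the 16-bit SignatureScheme code points
    // listed in the signature_algorithms extension (extension type 13).
    static List<String> offeredSchemes(ByteBuffer b) {
        b.position(b.position() + 5 + 4 + 2 + 32);   // record hdr, handshake hdr, version, random
        b.position(b.position() + 1 + (b.get(b.position()) & 0xff));          // session id
        b.position(b.position() + 2 + (b.getShort(b.position()) & 0xffff));   // cipher suites
        b.position(b.position() + 1 + (b.get(b.position()) & 0xff));          // compression methods
        int end = b.position() + 2 + (b.getShort(b.position()) & 0xffff);     // end of extensions
        b.position(b.position() + 2);
        List<String> schemes = new ArrayList<>();
        while (b.position() < end) {
            int type = b.getShort() & 0xffff;
            int len = b.getShort() & 0xffff;
            int next = b.position() + len;
            if (type == 13) {
                b.getShort();                        // length of the scheme list
                while (b.position() < next) {
                    schemes.add(String.format("0x%04x", b.getShort() & 0xffff));
                }
            }
            b.position(next);                        // skip to the next extension
        }
        return schemes;
    }
}
```

Running it once with the property and once without shows whether the offered list was narrowed; the printed values are the IANA TLS SignatureScheme code points.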

            pkoppula Prasadarao Koppula
            hgupdate HG Updates
            Sean Coffey