Loading...

XML

Word

Printable

Type: Enhancement
Resolution: Fixed
Priority: P2
Fix Version/s: 25
Affects Version/s: None
Component/s: security-libs
Labels:
- release-note=yes

Subcomponent:
javax.net.ssl
Resolved In Build:
b17

Currently when a signature scheme constraint is specified with "jdk.tls.disabledAlgorithms" property we don't differentiate between signatures used to sign a TLS handshake exchange and the signatures used in TLS certificates:
https://datatracker.ietf.org/doc/html/rfc8446#section-4.2.3

blocks

JDK-8340321 Disable SHA-1 in TLS/DTLS 1.2 handshake signatures

Resolved

csr for

JDK-8350902 Add mechanism to disable signature schemes based on their TLS scope

Closed

relates to

JDK-8350807 Certificates using MD5 algorithm that are disabled by default are incorrectly allowed in TLSv1.3 when re-enabled

In Progress

links to

Commit(master) openjdk/jdk/9c06dcb4

Review(master) openjdk/jdk/23681

Release Note: Mechanism to Disable Signature Schemes Based on their TLS Scope

Resolved

Artur Barashev

Assignee:: Artur Barashev

Reporter:: Artur Barashev

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2025-02-06 12:18

Updated:: 1 week ago 04:00

Resolved:: 2025-03-31 09:47

Details

Description

Attachments

Issue Links

Sub-Tasks

Activity

People

Dates