Loading...

XML

Word

Printable

Type: Enhancement
Resolution: Fixed
Priority: P2
Fix Version/s: 25
Affects Version/s: None
Component/s: security-libs
Labels:
- release-note=yes

Subcomponent:
javax.net.ssl
Resolved In Build:
b17

Issue	Fix Version	Assignee	Priority	Status	Resolution
JDK-8356462	21.0.9-oracle	Nibedita Jena	P2	Open	Unresolved
JDK-8356463	17.0.17-oracle	Nibedita Jena	P2	Open	Unresolved
JDK-8356464	11.0.29-oracle	Nibedita Jena	P2	Open	Unresolved
JDK-8356465	8u471	Nibedita Jena	P2	Open	Unresolved

Currently when a signature scheme constraint is specified with "jdk.tls.disabledAlgorithms" property we don't differentiate between signatures used to sign a TLS handshake exchange and the signatures used in TLS certificates:
https://datatracker.ietf.org/doc/html/rfc8446#section-4.2.3

backported by

JDK-8356462 Add mechanism to disable signature schemes based on their TLS scope

Open

JDK-8356463 Add mechanism to disable signature schemes based on their TLS scope

Open

JDK-8356464 Add mechanism to disable signature schemes based on their TLS scope

Open

JDK-8356465 Add mechanism to disable signature schemes based on their TLS scope

Open

blocks

JDK-8340321 Disable SHA-1 in TLS/DTLS 1.2 handshake signatures

Resolved

csr for

JDK-8350902 Add mechanism to disable signature schemes based on their TLS scope

Closed

relates to

JDK-8355779 When no "signature_algorithms_cert" extension is present we do not apply certificate scope constraints to algorithms in "signature_algorithms" extension

Resolved

JDK-8350807 Certificates using MD5 algorithm that are disabled by default are incorrectly allowed in TLSv1.3 when re-enabled

Resolved

JDK-8353113 Peer supported certificate signature algorithms are not being checked with default SunX509 key manager

In Progress

links to

Commit(master) openjdk/jdk/9c06dcb4

Review(master) openjdk/jdk/23681

(1 csr for, 3 relates to, 2 links to)

Release Note: Mechanism to Disable Signature Schemes Based on their TLS Scope

Resolved

Artur Barashev

Assignee:: Artur Barashev

Reporter:: Artur Barashev

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2025-02-06 12:18

Updated:: 8 minutes ago

Resolved:: 2025-03-31 09:47

Details

Backports

Description

Attachments

Issue Links

Sub-Tasks

Activity

People

Dates