-
Sub-task
-
Resolution: Delivered
-
P2
-
8u471, 8u471-perf, 11.0.29-oracle, 17.0.17-oracle, 21.0.9-oracle, 25
TLS protocol specific usage constraints are now supported by the `jdk.tls.disabledAlgorithms` property in the `java.security` configuration file, as follows:
```
UsageConstraint:
usage UsageType { UsageType }
UsageType:
HandshakeSignature | CertificateSignature
```
`HandshakeSignature` restricts the use of an algorithm in TLS handshake signatures. `CertificateSignature` restricts the use of an algorithm in certificate signatures. An algorithm with this constraint cannot include other usage types defined in the `jdk.certpath.disabledAlgorithms` property. The usage type follows the keyword and more than one usage type can be specified with a whitespace delimiter.
```
UsageConstraint:
usage UsageType { UsageType }
UsageType:
HandshakeSignature | CertificateSignature
```
`HandshakeSignature` restricts the use of an algorithm in TLS handshake signatures. `CertificateSignature` restricts the use of an algorithm in certificate signatures. An algorithm with this constraint cannot include other usage types defined in the `jdk.certpath.disabledAlgorithms` property. The usage type follows the keyword and more than one usage type can be specified with a whitespace delimiter.