-
Bug
-
Resolution: Unresolved
-
P3
-
None
We have a number of old TLS unit tests still using certificates with `MD5WithRSA` signature. MD5 algorithm is prohibited by TLSv1.3 RFC to be used in certificates. As we fix JDK-8350807 those tests will start failing when running on TLSv1.3 protocol. The following tests to be updated:
sun/net/www/protocol/https/HttpsURLConnection/Identities.java
sun/net/www/protocol/https/HttpsURLConnection/IPIdentities.java
sun/net/www/protocol/https/HttpsURLConnection/IPAddressIPIdentities.java
sun/net/www/protocol/https/HttpsURLConnection/DNSIdentities.java
javax/net/ssl/HttpsURLConnection/CriticalSubjectAltName.java
Note:
We should have 2 runs of `sun/net/www/protocol/https/HttpsURLConnection/*Identities.java` tests: one using TLSv1.3 protocol with non-MD5 signature certificate, and another using TLSv1.2 protocol with certificate using MD5WithRSA signature. It is important to have some tests that still use certificates with `MD5WithRSA` signature. Because we want to make sure they still work if someone re-enables the algorithm
sun/net/www/protocol/https/HttpsURLConnection/Identities.java
sun/net/www/protocol/https/HttpsURLConnection/IPIdentities.java
sun/net/www/protocol/https/HttpsURLConnection/IPAddressIPIdentities.java
sun/net/www/protocol/https/HttpsURLConnection/DNSIdentities.java
javax/net/ssl/HttpsURLConnection/CriticalSubjectAltName.java
Note:
We should have 2 runs of `sun/net/www/protocol/https/HttpsURLConnection/*Identities.java` tests: one using TLSv1.3 protocol with non-MD5 signature certificate, and another using TLSv1.2 protocol with certificate using MD5WithRSA signature. It is important to have some tests that still use certificates with `MD5WithRSA` signature. Because we want to make sure they still work if someone re-enables the algorithm
- is blocked by
-
-
- In Progress
-
- relates to
-
-
- In Progress
-