-
Type:
Bug
-
Resolution: Fixed
-
Priority:
P3
-
Affects Version/s: 24
-
Component/s: security-libs
-
b27
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8377894 | 27 | Matthew Donovan | P3 | Resolved | Fixed | b10 |
We have a number of old TLS unit tests still using certificates with `MD5WithRSA` signature. MD5 algorithm is prohibited by TLSv1.3 RFC to be used in certificates. As we fix JDK-8350807 those tests will start failing when running on TLSv1.3 protocol. The following tests to be updated:
sun/net/www/protocol/https/HttpsURLConnection/Identities.java
sun/net/www/protocol/https/HttpsURLConnection/IPIdentities.java
sun/net/www/protocol/https/HttpsURLConnection/IPAddressIPIdentities.java
sun/net/www/protocol/https/HttpsURLConnection/DNSIdentities.java
javax/net/ssl/HttpsURLConnection/CriticalSubjectAltName.java
javax/management/security/SecurityTest.java
Note:
We should have 2 runs of `sun/net/www/protocol/https/HttpsURLConnection/*Identities.java` tests: one using TLSv1.3 protocol with non-MD5 signature certificate, and another using TLSv1.2 protocol with certificate using MD5WithRSA signature. It is important to have some tests that still use certificates with `MD5WithRSA` signature. Because we want to make sure they still work if someone re-enables the algorithm
sun/net/www/protocol/https/HttpsURLConnection/Identities.java
sun/net/www/protocol/https/HttpsURLConnection/IPIdentities.java
sun/net/www/protocol/https/HttpsURLConnection/IPAddressIPIdentities.java
sun/net/www/protocol/https/HttpsURLConnection/DNSIdentities.java
javax/net/ssl/HttpsURLConnection/CriticalSubjectAltName.java
javax/management/security/SecurityTest.java
Note:
We should have 2 runs of `sun/net/www/protocol/https/HttpsURLConnection/*Identities.java` tests: one using TLSv1.3 protocol with non-MD5 signature certificate, and another using TLSv1.2 protocol with certificate using MD5WithRSA signature. It is important to have some tests that still use certificates with `MD5WithRSA` signature. Because we want to make sure they still work if someone re-enables the algorithm
- backported by
-
JDK-8377894 Update TLS unit tests to not use certificates with MD5 signatures
-
- Resolved
-
- is blocked by
-
JDK-8325766 Extend CertificateBuilder to create trust and end entity certificates programmatically
-
- Resolved
-
- relates to
-
-
- Resolved
-
-
-
- Resolved
-
- links to
-
Commit(master)
openjdk/jdk/f5eecc45
-
Review(master)
openjdk/jdk/27342
(1 links to)