-
Bug
-
Resolution: Fixed
-
P2
-
25
-
b22
-
Verified
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8356139 | 21.0.9-oracle | Konanki Sreenath | P2 | Closed | Fixed | b03 |
| JDK-8365482 | 21.0.9 | Goetz Lindenmaier | P2 | Resolved | Fixed | b04 |
| JDK-8365486 | 17.0.17 | Goetz Lindenmaier | P2 | Resolved | Fixed | b04 |
-------
If no "signature_algorithms_cert" extension is
present, then the "signature_algorithms" extension also applies to
signatures appearing in certificates.
-------
When no "signature_algorithms_cert" extension is present in ClientHello we simply copy "signature_algorithms" extension algorithms already filtered with HANDSHAKE_SCOPE to `peerRequestedCertSignSchemes`. Instead we should filter "signature_algorithms" extension algorithms with CERTIFICATE_SCOPE as certain algorithms are allowed to be used in certificate signatures but not in handshake signatures.
- backported by
-
JDK-8365482 When no "signature_algorithms_cert" extension is present we do not apply certificate scope constraints to algorithms in "signature_algorithms" extension
-
- Resolved
-
-
-
- Resolved
-
-
-
- Closed
-
- caused by
-
JDK-8349583 Add mechanism to disable signature schemes based on their TLS scope
-
- Resolved
-
- relates to
-
-
- In Progress
-
- links to
-
Commit(master)
openjdk/jdk17u-dev/70b4f5bd
-
Commit(master)
openjdk/jdk21u-dev/b34a3ee4
-
Commit(master)
openjdk/jdk/34807df7
-
Review(master)
openjdk/jdk17u-dev/3820
-
Review(master)
openjdk/jdk21u-dev/2054
-
Review(master)
openjdk/jdk/24939