Summary

Block signature scheme names to be used with CertificateSignature algorithm constraints usage

Problem

Users can be confused when trying to block RSASSA-PSS certificate signature by specifying one of the rsa_pss_* signature schemes with CertificateSignature algorithm usage constraint. RSASSA-PSS certificate signature algorithm corresponds to multiple signature scheme names and blocking one of those signature scheme with CertificateSignature usage directive won't block RSASSA-PSS certificate signature because other rsa_pss_* signature schemes still will be allowed.

Solution

Block signature scheme names to be used with CertificateSignature algorithm constraints usage and update documentation in java.security config file.

Specification

--- a/src/java.base/share/conf/security/java.security
+++ b/src/java.base/share/conf/security/java.security
@@ -755,7 +755,12 @@ http.auth.digest.disabledAlgorithms = MD5, SHA-1
 #     other usage types defined in the jdk.certpath.disabledAlgorithms
 #     property. The usage type follows the keyword and more than one usage type
 #     can be specified with a whitespace delimiter.
-#     Example: "rsa_pkcs1_sha1 usage HandshakeSignature"
+#     Note that TLS signature scheme names can't be used as algorithms with
+#     CertificateSignature usage type, only certificate's signature algorithm
+#     or certificate's key algorithm are supported for this usage type.
+#     Examples:
+#       - rsa_pkcs1_sha1 usage HandshakeSignature
+#       - SHA1withRSA usage CertificateSignature
 #