Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8280494

(D)TLS signature schemes

    XMLWordPrintable

    Details

      Description

      In a (D)TLS connection, the client and server may support different signature algorithms. (D)TLS specifications (see RFC 8446 and RFC 5246) define the procedure to negotiate the signature algorithms that could be used in digital signatures during the negotiation of (D)TLS connections.

      In JEP 332: Transport Layer Security (TLS) 1.3 and the follow-on enhancements, JDK implemented the procedure and essential signature schemes. And in JDK-8242141, in order to configure the default signature schemes, the jdk.tls.client.SignatureSchemes System Property was added for the TLS client side configuration, and the jdk.tls.server.SignatureSchemes System Property was added for the server side configuration.

      Rather than using the provider default signature schemes, applications may want to customize the signature schemes for individual connections, for fine control of the security properties. New APIs are need to support this flexibility.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              xuelei Xuelei Fan
              Reporter:
              xuelei Xuelei Fan
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: