Details
-
Enhancement
-
Resolution: Fixed
-
P3
-
None
-
b14
Description
In a (D)TLS connection, the client and server may support different signature algorithms. (D)TLS specifications (see RFC 8446 and RFC 5246) define the procedure to negotiate the signature algorithms that could be used in digital signatures during the negotiation of (D)TLS connections.
In JEP 332: Transport Layer Security (TLS) 1.3 and the follow-on enhancements, JDK implemented the procedure and essential signature schemes. And inJDK-8242141, in order to configure the default signature schemes, the jdk.tls.client.SignatureSchemes System Property was added for the TLS client side configuration, and the jdk.tls.server.SignatureSchemes System Property was added for the server side configuration.
Rather than using the provider default signature schemes, applications may want to customize the signature schemes for individual connections, for fine control of the security properties. New APIs are need to support this flexibility.
In JEP 332: Transport Layer Security (TLS) 1.3 and the follow-on enhancements, JDK implemented the procedure and essential signature schemes. And in
Rather than using the provider default signature schemes, applications may want to customize the signature schemes for individual connections, for fine control of the security properties. New APIs are need to support this flexibility.
Attachments
Issue Links
- csr for
-
JDK-8280495 (D)TLS signature schemes
-
- Closed
-
- duplicates
-
-
- Closed
-
- relates to
-
JDK-8293956 Update description of SSLParameters Class in the JSSE Reference Guide
-
- Resolved
-
-
JDK-8280493 (D)TLS signature schemes
-
- Closed
-
-
-
- Open
-
(2 links to)