> MD5 algorithm is prohibited by TLSv1.3 RFC to be used in certificates:
>
> > Any endpoint receiving any certificate which it would need to
> > validate using any signature algorithm using an MD5 hash MUST abort
> > the handshake with a "bad_certificate" alert.
>
> The bug manifests itself when older versions of the protocol are supported
> besides TLSv1.3, such as TLSv1.2. When multiple protocol versions are
> supported, both client and server calculate their respective SSLSession's
> "localSupportedSignAlgs" based on supported signature algorithms for all
> active protocols and don't update it when the negotiated protocol is
> established. Then the "localSupportedSignAlgs" list is used to validate the
> certificate's algorithm.
>
> While we disable "MD5withRSA" in java.security config, MD5 algorithm should
> not be allowed in TLSv1.3 regardless of optional configuration.
Artur Barashev has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains nine additional commits since the last revision:

 - Merge branch 'master' into JDK-8350807
 - Cosmetic test changes
 - Optimize imports
 - A couple of typo fixes
 - Abort the handshake with a bad_certificate alert on MD5 and SHA1
 - Update test run directive. Remove unnecessary comments
 - Update unit test
 - Unit test
 - 8350807: Certificates using MD5 algorithm that are disabled by default are incorrectly allowed in TLSv1.3 when re-enabled

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/24425/files
  - new: https://git.openjdk.org/jdk/pull/24425/files/28f12786..134a3264

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=24425&range=01
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=24425&range=00-01

  Stats: 58077 lines in 1239 files changed: 32407 ins; 21258 del; 4412 mod
  Patch: https://git.openjdk.org/jdk/pull/24425.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/24425/head:pull/24425

PR: https://git.openjdk.org/jdk/pull/24425
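The failure mode quoted above (a per-connection list of signature algorithms computed over every enabled protocol version and never narrowed once TLSv1.3 is negotiated) is easy to reproduce in a small model. The following Python is an added illustration written for this thread; it is not JDK code and does not call JSSE. The algorithm table, the `DEFAULT_DISABLED` set standing in for the java.security disabled-algorithms property, and the function names are all constructed for the example. `validate_cert_buggy` mirrors the pre-fix behaviour; `validate_cert_fixed` narrows the list to the negotiated protocol and, under TLSv1.3, rejects MD5 (the RFC 8446 MUST) and SHA-1 (as the PR's commit message states) no matter how the policy is configured.

```python
"""Model of JDK-8350807: certificate signature-algorithm check vs. negotiated
TLS version. Constructed for illustration; not the JDK's own implementation."""

# Signature algorithms each protocol version may negotiate in this model.
# Constructed table, not the JDK's SignatureScheme list.
SIGN_ALGS_BY_PROTOCOL = {
    "TLSv1.2": ("MD5withRSA", "SHA1withRSA", "SHA256withRSA", "SHA256withECDSA"),
    "TLSv1.3": ("SHA256withRSA", "SHA256withECDSA", "RSASSA-PSS-SHA256"),
}

# Stand-in for the default disabled-algorithms policy: MD5withRSA is off
# unless an operator re-enables it (the scenario the bug report describes).
DEFAULT_DISABLED = frozenset({"MD5withRSA"})

# Hash functions TLSv1.3 must not accept in certificate signatures, per the
# quoted RFC text (MD5) and the PR's fix commit (SHA-1).
TLS13_FORBIDDEN_HASHES = frozenset({"MD5", "SHA1"})


class HandshakeAlert(Exception):
    """Fatal alert; `description` carries the TLS alert name."""

    def __init__(self, description, reason):
        super().__init__(f"{description}: {reason}")
        self.description = description


def hash_of(alg):
    """Extract the digest name from 'MD5withRSA' or 'RSASSA-PSS-SHA256'."""
    if "with" in alg:
        return alg.split("with", 1)[0].upper()
    return alg.rsplit("-", 1)[-1].upper()


def enabled_algs(protocols, disabled):
    """Union of configured signature algorithms over the given protocols,
    minus anything the policy disables (order preserved, no duplicates)."""
    algs = []
    for proto in protocols:
        for alg in SIGN_ALGS_BY_PROTOCOL[proto]:
            if alg not in disabled and alg not in algs:
                algs.append(alg)
    return algs


def validate_cert_buggy(cert_sig_alg, active_protocols, negotiated,
                        disabled=DEFAULT_DISABLED):
    """Pre-fix behaviour: localSupportedSignAlgs is built once over all active
    protocols and is not narrowed when `negotiated` becomes known, so a
    TLSv1.2-only algorithm leaks into a TLSv1.3 certificate check."""
    local_supported = enabled_algs(active_protocols, disabled)
    if cert_sig_alg not in local_supported:
        raise HandshakeAlert("bad_certificate",
                             f"{cert_sig_alg} not in localSupportedSignAlgs")
    return True


def validate_cert_fixed(cert_sig_alg, active_protocols, negotiated,
                        disabled=DEFAULT_DISABLED):
    """Post-fix behaviour: the protocol-level prohibition is checked first and
    is independent of the configurable policy; then the allowed list is
    recomputed for the negotiated protocol only."""
    if negotiated == "TLSv1.3" and hash_of(cert_sig_alg) in TLS13_FORBIDDEN_HASHES:
        raise HandshakeAlert("bad_certificate",
                             f"{cert_sig_alg} is not permitted in TLSv1.3")
    local_supported = enabled_algs([negotiated], disabled)
    if cert_sig_alg not in local_supported:
        raise HandshakeAlert("bad_certificate",
                             f"{cert_sig_alg} not enabled for {negotiated}")
    return True


def outcome(check, *args, **kwargs):
    """Run a validator and return 'accepted' or the alert description."""
    try:
        check(*args, **kwargs)
        return "accepted"
    except HandshakeAlert as alert:
        return alert.description


if __name__ == "__main__":
    # Scenario from the bug report: TLSv1.2 and TLSv1.3 both enabled,
    # TLSv1.3 negotiated, operator has re-enabled MD5withRSA.
    protos, reenabled = ["TLSv1.2", "TLSv1.3"], frozenset()
    for name, check in (("buggy", validate_cert_buggy),
                        ("fixed", validate_cert_fixed)):
        print(name, "MD5withRSA/TLSv1.3 ->",
              outcome(check, "MD5withRSA", protos, "TLSv1.3", disabled=reenabled))
```

Running the module shows the buggy path accepting the MD5-signed certificate on a TLSv1.3 connection once MD5withRSA is re-enabled, while the fixed path aborts with bad_certificate; with the default policy both paths reject it, which is why the defect only surfaces when the optional configuration is changed.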