Hi,

Please review the fix for JDK-8136442:

http://cr.openjdk.java.net/~xuelei/8136442/webrev.00/

This update is proposing to remove the certificate signature algorithm restrictions on cipher suites.

Per the TLS ECC spec [section 5.3, RFC 4492], an ECDHE_ECDSA Certificate MUST contain an ECDSA-capable public key. It MUST be signed with ECDSA. RSA-signed EC-key certs cannot be used for ECDHE_ECDSA cipher suites. That's the current implementation.

However, the restrictions on the algorithm used to sign certificates are relaxed in TLS 1.2 [RFC 5246]. Certificate signature algorithms are no longer tied to cipher suites. But we have not removed the restrictions in our implementation yet.

As this is a straightforward and simple fix, no new test case is planned.

Thanks,
Xuelei
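
The rule change described in the message above, sketched as an added example that is not part of the original message and is not the JDK's own code. The class and method names are hypothetical, the peer's signature_algorithms list is assumed to be already mapped to JCA names, and only the end-entity certificate is checked.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Locale;

public class EcdheEcdsaCertCheck {  // hypothetical name, for illustration only
    /**
     * keyAlg:      X509Certificate.getPublicKey().getAlgorithm(), e.g. "EC".
     * sigAlg:      X509Certificate.getSigAlgName(), e.g. "SHA256withRSA".
     * peerSigAlgs: peer's signature_algorithms as JCA names (assumed mapped
     *              by the caller); null if the extension was not sent.
     * Only TLS 1.0 through 1.2 are considered here.
     */
    static boolean usableForEcdheEcdsa(String protocol, String keyAlg,
                                       String sigAlg, List<String> peerSigAlgs) {
        // The key requirement is the same in every version: an EC public key.
        if (!"EC".equalsIgnoreCase(keyAlg)) {
            return false;
        }
        if (!"TLSv1.2".equals(protocol)) {
            // TLS 1.0/1.1, RFC 4492 section 5.3: the certificate must also
            // be signed with ECDSA.
            return sigAlg.toLowerCase(Locale.ROOT).endsWith("withecdsa");
        }
        // TLS 1.2, RFC 5246: the signer is no longer tied to the suite; it
        // must match the peer's signature_algorithms. Without the extension
        // the default for ECDHE_ECDSA is {sha1, ecdsa}.
        List<String> allowed = (peerSigAlgs != null)
                ? peerSigAlgs
                : Collections.singletonList("SHA1withECDSA");
        for (String alg : allowed) {
            if (alg.equalsIgnoreCase(sigAlg)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample: an EC-key certificate signed by an RSA CA.
        List<String> peer = Arrays.asList("SHA256withECDSA", "SHA256withRSA");
        for (String protocol : new String[] {"TLSv1.1", "TLSv1.2"}) {
            System.out.println(protocol + ", RSA-signed EC cert: "
                    + usableForEcdheEcdsa(protocol, "EC", "SHA256withRSA", peer));
        }
        System.out.println("TLSv1.2, no extension sent: "
                + usableForEcdheEcdsa("TLSv1.2", "EC", "SHA256withRSA", null));
    }
}
```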