Hello, If I recall correctly the idea of disabling those algorithms if SunMSCAPI IS(!) present was to avoid agreeing on a Signature algorithm which could not be supported by RSA offloaded keys inside CryptoAPI.
Having said that the suggested ciphers might need to be made dependent on the capabilities of the Signature provider for a given key type (especially if it is a key handle only). Has this changed and the signatures are supported now by MSCapi? Gruss Bernd -- http://bernd.eckenfels.net ________________________________ From: security-dev <[email protected]> on behalf of Artem Smotrakov <[email protected]> Sent: Thursday, June 15, 2017 10:57:00 PM To: Xuelei Fan; Security Dev OpenJDK Subject: [10] RFR: 8182143: SHA224-based signature algorithms are not enabled for TLSv12 on Windows Hi Xuelei, Could you please take a look at this patch? It enables SHA224-based signature algorithms on Windows since they should be provided not only by SunMSCAPI provider. Please see details in the bug description. The test works fine on all supported platforms. Bug: https://bugs.openjdk.java.net/browse/JDK-8182143 Webrev: http://cr.openjdk.java.net/~asmotrak/8182143/webrev.00/ Artem
