Hi Bernd,
Thanks for the correction. I really missed the point that there are
issues to enabled SHA-224 for SunMSCAPI provider.
On 6/15/2017 4:06 PM, Bernd Eckenfels wrote:
Hello,
If I recall correctly the idea of disabling those algorithms if
SunMSCAPI IS(!) present was to avoid agreeing on a Signature algorithm
which could not be supported by RSA offloaded keys inside CryptoAPI.
Having said that the suggested ciphers might need to be made dependent
on the capabilities of the Signature provider for a given key type
(especially if it is a key handle only).
Agreed. Besides, we may check the availability of each signature and
hash algorithms, rather than hard-coded them. I filed a new bug for the
tracking:
https://bugs.openjdk.java.net/browse/JDK-8182318
Thanks & Regards,
Xuelei
Has this changed and the signatures are supported now by MSCapi?
Gruss
Bernd
--
http://bernd.eckenfels.net
------------------------------------------------------------------------
*From:* security-dev <[email protected]> on behalf
of Artem Smotrakov <[email protected]>
*Sent:* Thursday, June 15, 2017 10:57:00 PM
*To:* Xuelei Fan; Security Dev OpenJDK
*Subject:* [10] RFR: 8182143: SHA224-based signature algorithms are not
enabled for TLSv12 on Windows
Hi Xuelei,
Could you please take a look at this patch?
It enables SHA224-based signature algorithms on Windows since they
should be provided not only by SunMSCAPI provider. Please see details in
the bug description.
The test works fine on all supported platforms.
Bug: https://bugs.openjdk.java.net/browse/JDK-8182143
Webrev: http://cr.openjdk.java.net/~asmotrak/8182143/webrev.00/
Artem
