I see your points. As we can backport to JDK 13 later, it may not be
worth rolling back to support the "RSASSA-PSS" algorithm restriction
only in JDK 13. Applications may also run into problems that need to
disable particular groups, similar to the RSASSA-PSS algorithm problem.
Let's solve the problem in one update, and re-target it to JDK 14.
I will file a CSR for JDK 14, and 13 backport if necessary.

Thanks,
Xuelei

On 7/8/2019 10:30 AM, Sean Mullan wrote:
On 7/8/19 12:30 PM, Xuelei Fan wrote:

- It looks like you have enhanced jdk.tls.disabledAlgorithms to allow
you to restrict named groups. I think that would make this an RFE,
which will require a CSR and special approval to get into JDK 13. Do
you really need this to implement the fix?

Named groups are a part of the signature algorithms for TLS 1.3. For
example for signature algorithm ecdsa_secp256r1_sha256, "secp256r1" is
the named groups part. It is simple to restrict named groups and
signature algorithm in one update.

So, for the reported issue in 8226374, with this fix, I can now disable
the RSASSA-PSS algorithms by adding the Java Security standard name
"RSASSA-PSS" to the jdk.tls.disabledAlgorithms property and it will work
on client and server side. This seems consistent with disabling other
signature algorithms like MD5withRSA, SHA1withRSA, etc...

But now with your fix I can also add "secp256r1" to the
jdk.tls.disabledAlgorithms property and (I think) it will disable any
algorithm using that curve. I am wondering why you really need this in
order to fix the reported issue.

We can go as an RFE for JDK 14. But I would prefer to have it in JDK
13 so that applications could disable RSASSA-PSS and the certificate
selection could be more robust.

Can't you still fix the issue w/o needing to disable named groups?

As this does not change the public APIs and specs, I think it might be
fine to go with a bug fix for JDK 13 without a CSR.

If not, I would separate that part out and target it to JDK 14. Also,
why haven't you updated the definition of jdk.tls.disabledAlgorithms
to include named groups?

The named groups will be documented in the Standard Algorithms
Documentation. I think it is sufficient.

Named groups are not yet documented in the Standard Algorithms Doc.
This was deferred to JDK 14 [1] because it required some changes in the
implementation to be fixed first.

I'm fine to make it an RFE in JDK 14 if you want a CSR. We could
backport it later if necessary.

I am mainly wondering if you can just fix the specific issue in 13
(RSASSA-PSS) and add support for disabling named groups later, in JDK 14,
since that seems more like an RFE to me and also depends on the standard
names being defined for named curves.

--Sean

[1] https://bugs.openjdk.java.net/browse/JDK-8210755