Currently when a signature scheme constraint is specified with 
"jdk.tls.disabledAlgorithms" property we don't differentiate between signatures 
used to sign a TLS handshake exchange and the signatures used in TLS 
certificates:
https://datatracker.ietf.org/doc/html/rfc8446#section-4.2.3

-------------

Commit messages:
 - 8349583: Add mechanism to disable signature schemes based on their TLS scope

Changes: https://git.openjdk.org/jdk/pull/23681/files
  Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=23681&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8349583
  Stats: 1200 lines in 20 files changed: 859 ins; 232 del; 109 mod
  Patch: https://git.openjdk.org/jdk/pull/23681.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/23681/head:pull/23681

PR: https://git.openjdk.org/jdk/pull/23681

Reply via email to