On Wed, 26 Feb 2025 02:03:25 GMT, Artur Barashev <abaras...@openjdk.org> wrote:
>> Currently when a signature scheme constraint is specified with >> "jdk.tls.disabledAlgorithms" property we don't differentiate between >> signatures used to sign a TLS handshake exchange and the signatures used in >> TLS certificates: >> https://datatracker.ietf.org/doc/html/rfc8446#section-4.2.3 > > Artur Barashev has updated the pull request incrementally with one additional > commit since the last revision: > > Restore original arguments for getSupportedAlgorithms() calls This will also require a CSR for the new syntax in the jdk.tls.disabledAlgorithms property. Some files are missing copyright updates. src/java.base/share/classes/sun/security/ssl/CertificateMessage.java line 50: > 48: import javax.security.auth.x500.X500Principal; > 49: import static sun.security.ssl.ClientAuthType.CLIENT_AUTH_REQUIRED; > 50: import static sun.security.ssl.SignatureScheme.CERTIFICATE_SCOPE; This import is not needed. ------------- PR Comment: https://git.openjdk.org/jdk/pull/23681#issuecomment-2688261276 PR Comment: https://git.openjdk.org/jdk/pull/23681#issuecomment-2688262794 PR Review Comment: https://git.openjdk.org/jdk/pull/23681#discussion_r1973800961
