On Wed, 12 Mar 2025 17:26:30 GMT, Artur Barashev <abaras...@openjdk.org> wrote:
>> Currently when a signature scheme constraint is specified with >> "jdk.tls.disabledAlgorithms" property we don't differentiate between >> signatures used to sign a TLS handshake exchange and the signatures used in >> TLS certificates: >> https://datatracker.ietf.org/doc/html/rfc8446#section-4.2.3 > > Artur Barashev has updated the pull request incrementally with one additional > commit since the last revision: > > Typo fix src/java.base/share/classes/sun/security/ssl/CertificateRequest.java line 658: > 656: // contain signature schemes supported for both: > 657: // handshake signatures and certificate signatures. > 658: List<SignatureScheme> certReqSignAlgs = Are you making a copy in case `shc.localSupportedCertSignAlg` changes? Since this is coming from a handshake context, I don't see why it would ever change during the lifetime of the connection. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/23681#discussion_r1994320460
