On Mon, 24 Mar 2025 17:24:01 GMT, Artur Barashev <abaras...@openjdk.org> wrote:
>> Currently when a signature scheme constraint is specified with >> "jdk.tls.disabledAlgorithms" property we don't differentiate between >> signatures used to sign a TLS handshake exchange and the signatures used in >> TLS certificates: >> https://datatracker.ietf.org/doc/html/rfc8446#section-4.2.3 > > Artur Barashev has updated the pull request incrementally with one additional > commit since the last revision: > > Fix java.security syntax. Remove whitespace. src/java.base/share/classes/sun/security/ssl/SSLScope.java line 39: > 37: CERTIFICATE_SIGNATURE("CertificateSignature"); > 38: > 39: final String name; Make this `private`. src/java.base/share/conf/security/java.security line 747: > 745: # > 746: # UsageType: > 747: # ([HandshakeSignature] | [CertificateSignature]) This needs to be updated to match CSR. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/23681#discussion_r2016768779 PR Review Comment: https://git.openjdk.org/jdk/pull/23681#discussion_r2016770978
