On Mon, 24 Mar 2025 17:24:01 GMT, Artur Barashev <abaras...@openjdk.org> wrote:
>> Currently when a signature scheme constraint is specified with >> "jdk.tls.disabledAlgorithms" property we don't differentiate between >> signatures used to sign a TLS handshake exchange and the signatures used in >> TLS certificates: >> https://datatracker.ietf.org/doc/html/rfc8446#section-4.2.3 > > Artur Barashev has updated the pull request incrementally with one additional > commit since the last revision: > > Fix java.security syntax. Remove whitespace. test/jdk/sun/security/ssl/SignatureScheme/AbstractCheckSignatureSchemes.java line 77: > 75: } > 76: > 77: protected String getProtocol() { I'd be more inclined to make this abstract and force subclasses to override it. test/jdk/sun/security/ssl/SignatureScheme/DisableSignatureSchemePerScopeTLS12.java line 52: > 50: protected static final String DISABLED_CONSTRAINTS = > 51: HANDSHAKE_DISABLED_SIG + " usage HandShakesignature, " > 52: + CERTIFICATE_DISABLED_SIG + " usage certificateSignature"; Nit: s/certificateSignature/CertificateSignature/ test/jdk/sun/security/ssl/SignatureScheme/DisableSignatureSchemePerScopeTLS13.java line 42: > 40: > 41: public class DisableSignatureSchemePerScopeTLS13 > 42: extends DisableSignatureSchemePerScopeTLS12 { It's a little odd this extends *TLS12 - did you consider extending `AbstractCheckSignatureSchemes` or was that too complicated? ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/23681#discussion_r2017434192 PR Review Comment: https://git.openjdk.org/jdk/pull/23681#discussion_r2017425885 PR Review Comment: https://git.openjdk.org/jdk/pull/23681#discussion_r2017440271
