On Fri, 28 Mar 2025 03:12:40 GMT, Artur Barashev <abaras...@openjdk.org> wrote:
>> Currently when a signature scheme constraint is specified with >> "jdk.tls.disabledAlgorithms" property we don't differentiate between >> signatures used to sign a TLS handshake exchange and the signatures used in >> TLS certificates: >> https://datatracker.ietf.org/doc/html/rfc8446#section-4.2.3 > > Artur Barashev has updated the pull request incrementally with one additional > commit since the last revision: > > Update copyright year A final review, just a couple of minor comments. src/java.base/share/classes/sun/security/ssl/SignatureScheme.java line 221: > 219: > 220: // Handshake signature scope. > 221: public static final Set<SSLScope> HANDSHAKE_SCOPE = I think this constant and `CERTIFICATE_SCOPE` can be package-private. src/java.base/share/classes/sun/security/ssl/SignatureScheme.java line 554: > 552: // Returns true if this signature scheme is supported for the given > 553: // protocol version and SSL scopes. > 554: boolean isSupportedProtocol(ProtocolVersion version, Set<SSLScope> > scopes) { I think this method and `isAllowed` can be private. ------------- PR Review: https://git.openjdk.org/jdk/pull/23681#pullrequestreview-2726622461 PR Review Comment: https://git.openjdk.org/jdk/pull/23681#discussion_r2019284852 PR Review Comment: https://git.openjdk.org/jdk/pull/23681#discussion_r2019286085
