On Tue, 13 Jan 2026 07:47:15 GMT, Hai-May Chao <[email protected]> wrote:
> SunJSSE should not probe SHA1withECDSA signature availably when determining > if elliptic curve cryptography is available, as it is deprecated and not > required for ECDHE and ECDSA signature schemes. This change removes > SHA1withECDSA from the EC availability probe. TLS signature scheme > availability is validated later during handshake negotiation. LGTM. SHA1withECDSA (`SIGNATURE_ECDSA`) is required for ECDHE_ECDSA in TLS 1.1 and older. Starting with TLS 1.2, there are several hash algorithms available to choose from, and SHA1 is no longer required. ------------- Marked as reviewed by djelinski (Reviewer). PR Review: https://git.openjdk.org/jdk/pull/29184#pullrequestreview-3655185613
