JDK-8071858 : Over-restrictive EC certificate checks in JSSE TLS 1.2
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: 7-pool,8-pool,9
  • Priority: P3
  • Status: Closed
  • Resolution: Duplicate
  • Submitted: 2015-01-29
  • Updated: 2015-12-10
  • Resolved: 2015-12-10
Related Reports
Duplicate :  
JDK-8136442 - Don't tie Certificate signature algorithms to ciphersuites
Description
See http://mail.openjdk.java.net/pipermail/security-dev/2015-January/011666.html

Appendix A.7, RFC 5264:
   As described in Sections 7.4.2 and 7.4.6, the restrictions on the
   signature algorithms used to sign certificates are no longer tied to
   the cipher suite (when used by the server) or the
   ClientCertificateType (when used by the client).  Thus, the
   restrictions on the algorithm used to sign certificates specified in
   Sections 2 and 3 of RFC 4492 are also relaxed.  As in this document,
   the restrictions on the keys in the end-entity certificate remain.