JDK-8229720 : New JSSE APIs to configure named groups and signature algorithms
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Priority: P3
  • Status: Closed
  • Resolution: Duplicate
  • Submitted: 2019-08-14
  • Updated: 2022-11-14
  • Resolved: 2022-11-14
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 20
20Resolved
Related Reports
Duplicate :  
Duplicate :  
Duplicate :  
Duplicate :  
Relates :  
Description
Applications may want to configure the activated named groups and signature algorithms for each connection, rather than using the JSSE provider configuration and preferences.  There are no such APIs in Java SE.

For example, we may want to consider:
1. add a System Property, jdk.tls.signatureSchemes to configure the default signature schemes.  The SunJSSE provider now supports the jdk.tls.namedGroups System Property for customizing the default named groups. (This feature will be addressed in JDK-8242141)

2. The named groups used in a certificate should be checked in key manager and trust manger for TLS 1.2 and prior versions.  Similar to ExtendedSSLSession.getLocalSupportedSignatureAlgorithms() and ExtendedSSLSession.getPeerSupportedSignatureAlgorithms(), it may be worth adding two default methods SSLSession.getLocalNamedGroups() and SSLSession.getPeerNamedGroups()

3. Individual connections may have individual preference. Named groups and signature algorithms could be configurable with SSLParameters.  For example, SSLParameters.setSignatureSchemes() or SSLParameters.setNamedGroups().