JDK-8242141 : New System Properties to configure the TLS signature schemes
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: 11,12,13,14
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2020-04-03
  • Updated: 2021-03-16
  • Resolved: 2020-04-22
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 11 JDK 13 JDK 15 JDK 8 Other
11.0.8-oracleFixed 13.0.4Fixed 15 b20Fixed 8u261Fixed openjdk8u292Fixed
Related Reports
CSR :  
Relates :  
Relates :  
Relates :  
Relates :  
Sub Tasks
JDK-8242147 :  
There is third party's TLS applications that do not accept some signature schemes.  A workaround is needed before the problem get fixed.
[~mbalao] Approved. I've created JDK-8259998 for you and added the CSR link. It should get resolved properly on push.

Fix request (8u) I'd like to have this enhancement approved for 8u. The reasons are to improve interoperability with other TLS implementations and to keep parity with other JDKs. While the patch does not apply cleanly, a proposal has been review-approved here: https://mail.openjdk.java.net/pipermail/jdk8u-dev/2021-January/013334.html In regards to the CSR for 8u, the existing one (JDK-8245536) applies to OpenJDK so I'll link it from the backport ticket if this request is approved.

8u RFR: https://mail.openjdk.java.net/pipermail/jdk8u-dev/2021-January/013332.html

FYI, CSR done by Oracle for 11 and 8 is here: https://bugs.openjdk.java.net/browse/JDK-8245536

Fix request (13u): I would like to add this fix to 13.0.4 for parity with 11u. The original change applies almost cleanly, except a context difference in src/java.base/share/classes/sun/security/ssl/SignatureScheme.java RFR: https://mail.openjdk.java.net/pipermail/jdk-updates-dev/2020-June/003334.html

jdk11 backport request I would like to have the patch in OpenJDK11 as well (for better parity with 11.0.8_oracle). The patch needs small adjustments in src/java.base/share/classes/sun/security/ssl/SSLServerSocketImpl.java and src/java.base/share/classes/sun/security/ssl/SignatureScheme.java , RFR : https://mail.openjdk.java.net/pipermail/jdk-updates-dev/2020-May/003111.html

Hi Matthias, I think we should create a CSR for the 11u backport even though Oracle didn't do that. Cheers Christoph

URL: https://hg.openjdk.java.net/jdk/jdk/rev/1fbaab79e8e1 User: xuelei Date: 2020-04-22 17:51:51 +0000

Code review thread: https://mail.openjdk.java.net/pipermail/security-dev/2020-April/021553.html