JDK-8242141 : New System Properties to configure the TLS signature schemes
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: 11,12,13,14
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2020-04-03
  • Updated: 2020-07-15
  • Resolved: 2020-04-22
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 11 JDK 13 JDK 15 JDK 8
11.0.8Fixed 13.0.4Fixed 15 b20Fixed 8u261Fixed
Related Reports
CSR :  
Relates :  
Relates :  
Relates :  
Sub Tasks
JDK-8242147 :  
Description
There is third party's TLS applications that do not accept some signature schemes.  A workaround is needed before the problem get fixed.
Comments
Fix request (13u): I would like to add this fix to 13.0.4 for parity with 11u. The original change applies almost cleanly, except a context difference in src/java.base/share/classes/sun/security/ssl/SignatureScheme.java RFR: https://mail.openjdk.java.net/pipermail/jdk-updates-dev/2020-June/003334.html
22-06-2020

jdk11 backport request I would like to have the patch in OpenJDK11 as well (for better parity with 11.0.8_oracle). The patch needs small adjustments in src/java.base/share/classes/sun/security/ssl/SSLServerSocketImpl.java and src/java.base/share/classes/sun/security/ssl/SignatureScheme.java , RFR : https://mail.openjdk.java.net/pipermail/jdk-updates-dev/2020-May/003111.html
25-05-2020

Hi Matthias, I think we should create a CSR for the 11u backport even though Oracle didn't do that. Cheers Christoph
18-05-2020

URL: https://hg.openjdk.java.net/jdk/jdk/rev/1fbaab79e8e1 User: xuelei Date: 2020-04-22 17:51:51 +0000
22-04-2020

Code review thread: https://mail.openjdk.java.net/pipermail/security-dev/2020-April/021553.html
04-04-2020