JDK-8350807 : Certificates using MD5 algorithm that are disabled by default are incorrectly allowed in TLSv1.3 when re-enabled
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: 8,11,17,21,25
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2025-02-26
  • Updated: 2025-05-05
  • Resolved: 2025-04-17
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 21 JDK 25
21.0.9-oracleUnresolved 25 b20Fixed
Related Reports
Relates :  
JDK-8349583 - Add mechanism to disable signature schemes based on their TLS scope
Relates :  
JDK-8353738 - Update TLS unit tests to not use certificates with MD5 signatures
Description
MD5 algorithm is prohibited by TLSv1.3 RFC to be used in certificates:
-----
Any endpoint receiving any certificate which it would need to
validate using any signature algorithm using an MD5 hash MUST abort
the handshake with a "bad_certificate" alert.
-----

The bug manifests itself when older versions of protocol are supported besides TLSv1.3, such as TLSv1.2. When multiple protocol versions are supported, both client and server calculate their respective SSLSessions's "localSupportedSignAlgs" based on supported signature algorithms for all active protocols and don't update it when negotiated protocol is established. Then "localSupportedSignAlgs" list is used to validate certificate's algorithm.

While we disable "MD5withRSA" in java.security config, MD5 algorithm should not be allowed in TLSv1.3 regardless of optional configuration.

To reproduce:
Run "sun/net/www/protocol/https/HttpsURLConnection/Identities.java" unit test. Observe the test running on TLSv1.3 protocol while using certificates with "md5WithRSA" Signature Algorithm.
Comments
Changeset: abb23828 Branch: master Author: Artur Barashev <abarashev@openjdk.org> Committer: Sean Mullan <mullan@openjdk.org> Date: 2025-04-17 13:45:47 +0000 URL: https://git.openjdk.org/jdk/commit/abb23828f9dc5f4cdb75d5b924dd6f45925102cd
17-04-2025
A pull request was submitted for review. Branch: master URL: https://git.openjdk.org/jdk/pull/24425 Date: 2025-04-03 19:05:59 +0000
10-04-2025