JDK-8353289 : Release Note: Mechanism to Disable Signature Schemes Based on their TLS Scope
  • Type: Sub-task
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: 21.0.9-oracle,25
  • Priority: P2
  • Status: Resolved
  • Resolution: Delivered
  • Submitted: 2025-03-31
  • Updated: 2025-05-19
  • Resolved: 2025-04-03
The Version table provides details about the release in which this issue/RFE will be addressed.

Unresolved: Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed: Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

JDK 21: 21.0.9-oracle (Resolved)
JDK 25: 25 (Resolved)
Description
TLS protocol-specific usage constraints are now supported by the `jdk.tls.disabledAlgorithms` property in the `java.security` configuration file, as follows:
```
UsageConstraint:
    usage UsageType { UsageType }

UsageType:
    HandshakeSignature | CertificateSignature
```
`HandshakeSignature` restricts the use of the algorithm in TLS handshake signatures. `CertificateSignature` restricts the use of the algorithm in certificate signatures. An algorithm with this constraint cannot include other usage types defined in the `jdk.certpath.disabledAlgorithms` property. The usage type follows the `usage` keyword, and more than one usage type can be specified, separated by whitespace.
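The following configuration lint is an added example, not JDK code: it checks the `usage` constraints in a `jdk.tls.disabledAlgorithms` value against the grammar and the mixing rule described above. It assumes entries are comma-separated and that `&` joins constraints within an entry, as in the existing `java.security` syntax; the function names and the sample value are constructed for illustration.

```python
# Added example: lint usage constraints in a jdk.tls.disabledAlgorithms value.
# Usage types introduced by this release note.
TLS_SCOPE = {"HandshakeSignature", "CertificateSignature"}

# Constructed sample value. TLSServer is a usage type of
# jdk.certpath.disabledAlgorithms, used here to show the mixing rule.
SAMPLE = (
    "SSLv3, DH keySize < 1024, "
    "rsa_pkcs1_sha1 usage HandshakeSignature, "
    "ecdsa_sha1 usage HandshakeSignature CertificateSignature, "
    "dsa_sha1 usage HandshakeSignature TLSServer, "
    "MD5 usage"
)

def parse_usage(entry):
    """Return the usage types of one entry, or None if it has no usage constraint."""
    parts = [p.split() for p in entry.split("&")]  # assumption: '&' joins constraints
    if parts and parts[0]:
        parts[0] = parts[0][1:]  # drop the algorithm name
    for tokens in parts:
        if tokens and tokens[0] == "usage":
            return tokens[1:]
    return None

def lint(value):
    """Return (algorithm, status, detail) for every entry using a TLS-scope usage."""
    findings = []
    for entry in (e.strip() for e in value.split(",")):
        types = parse_usage(entry) if entry else None
        if types is None:
            continue  # no usage constraint on this entry
        name = entry.split()[0]
        tls = [t for t in types if t in TLS_SCOPE]
        other = [t for t in types if t not in TLS_SCOPE]
        if not types:
            findings.append((name, "error", "usage keyword with no usage type"))
        elif tls and other:
            # The note forbids combining the new types with certpath usage types.
            findings.append((name, "error", "mixes TLS-scope types with " + " ".join(other)))
        elif tls:
            findings.append((name, "ok", "disabled for " + " ".join(tls)))
    return findings

if __name__ == "__main__":
    for name, status, detail in lint(SAMPLE):
        print(f"{status:5} {name}: {detail}")
```

Entries that carry only usage types from `jdk.certpath.disabledAlgorithms` are not reported, since this note does not define their behavior in the TLS property.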