Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8071858

Over-restrictive EC certificate checks in JSSE TLS 1.2

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P3
    • Resolution: Duplicate
    • Affects Version/s: 7-pool, 8-pool, 9
    • Fix Version/s: None
    • Component/s: security-libs
    • Labels:
      None

      Description

      See http://mail.openjdk.java.net/pipermail/security-dev/2015-January/011666.html

      Appendix A.7, RFC 5264:
         As described in Sections 7.4.2 and 7.4.6, the restrictions on the
         signature algorithms used to sign certificates are no longer tied to
         the cipher suite (when used by the server) or the
         ClientCertificateType (when used by the client). Thus, the
         restrictions on the algorithm used to sign certificates specified in
         Sections 2 and 3 of RFC 4492 are also relaxed. As in this document,
         the restrictions on the keys in the end-entity certificate remain.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              xuelei Xue-Lei Fan
              Reporter:
              xuelei Xue-Lei Fan
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: