Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8136442

Don't tie Certificate signature algorithms to ciphersuites

    Details

    • Subcomponent:
    • Resolved In Build:
      b96
    • CPU:
      generic
    • OS:
      generic

      Backports

        Description

        Per TLS ECC spec [section 5.3, RFC 4492],

              ECDHE_ECDSA Certificate MUST contain an
                                      ECDSA-capable public key. It
                                      MUST be signed with ECDSA.

        With current JDK RSA signed EC-key certs cannot be used for ECDHE_ECDSA cipher suites.

        The restrictions on the algorithm used to sign certificates are relaxed
        in TLS 1.2 [RFC 5246]. Certificate signature algorithms are no longer
        tied to cipher suites. But we have not removed the restrictions in our
        implementation yet.

          Issue Links

            Activity

            Hide
            hgupdate HG Updates added a comment -
            URL: http://hg.openjdk.java.net/jdk9/dev/jdk/rev/5916f63e4d08
            User: xuelei
            Date: 2015-12-01 01:33:36 +0000
            Show
            hgupdate HG Updates added a comment - URL: http://hg.openjdk.java.net/jdk9/dev/jdk/rev/5916f63e4d08 User: xuelei Date: 2015-12-01 01:33:36 +0000
            Show
            coffeys Sean Coffey added a comment - review thread : http://mail.openjdk.java.net/pipermail/security-dev/2015-November/013095.html
            Hide
            hgupdate HG Updates added a comment -
            URL: http://hg.openjdk.java.net/jdk9/jdk9/jdk/rev/5916f63e4d08
            User: lana
            Date: 2015-12-10 00:27:01 +0000
            Show
            hgupdate HG Updates added a comment - URL: http://hg.openjdk.java.net/jdk9/jdk9/jdk/rev/5916f63e4d08 User: lana Date: 2015-12-10 00:27:01 +0000

              People

              • Assignee:
                xuelei Xue-Lei Fan
                Reporter:
                coffeys Sean Coffey
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: