Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8229720

New JSSE APIs to configure named groups and signature algorithms

    Details

    • Type: Enhancement
    • Status: Open
    • Priority: P3
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: tbd
    • Component/s: security-libs
    • Labels:

      Description

      Applications may want to configure the activated named groups and signature algorithms for each connection, rather than using the JSSE provider configuration and preferences. There are no such APIs in Java SE.

      For example, we may want to consider:
      1. add a System Property, jdk.tls.signatureSchemes to configure the default signature schemes. The SunJSSE provider now supports the jdk.tls.namedGroups System Property for customizing the default named groups.

      2. The named groups used in a certificate should be checked in key manager and trust manger for TLS 1.2 and prior versions. Similar to ExtendedSSLSession.getLocalSupportedSignatureAlgorithms() and ExtendedSSLSession.getPeerSupportedSignatureAlgorithms(), it may be worth adding two default methods SSLSession.getLocalNamedGroups() and SSLSession.getPeerNamedGroups()

      3. Individual connections may have individual preference. Named groups and signature algorithms could be configurable with SSLParameters. For example, SSLParameters.setSignatureSchemes() or SSLParameters.setNamedGroups().

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                xuelei Xue-Lei Fan
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated: