JDK-8229720

New JSSE APIs to configure named groups and signature algorithms



      Applications may want to configure the activated named groups and signature algorithms for each connection, rather than using the JSSE provider configuration and preferences. There are no such APIs in Java SE.

      For example, we may want to consider:
      1. Add a System Property, jdk.tls.signatureSchemes, to configure the default signature schemes. The SunJSSE provider now supports the jdk.tls.namedGroups System Property for customizing the default named groups. (This feature will be addressed in JDK-8242141.)

      2. The named groups used in a certificate should be checked in the key manager and trust manager for TLS 1.2 and prior versions. Similar to ExtendedSSLSession.getLocalSupportedSignatureAlgorithms() and ExtendedSSLSession.getPeerSupportedSignatureAlgorithms(), it may be worth adding two default methods, SSLSession.getLocalNamedGroups() and SSLSession.getPeerNamedGroups().

      3. Individual connections may have individual preferences. Named groups and signature algorithms could be configurable with SSLParameters. For example, SSLParameters.setSignatureSchemes() or SSLParameters.setNamedGroups().
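
The per-connection configuration proposed in item 3, as an added example (not code from this issue or from the JDK sources). It assumes a JDK release in which SSLParameters provides setNamedGroups(String[]) and setSignatureSchemes(String[]); the class name, helper names, host names and the chosen algorithm lists are illustrative.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import java.util.Arrays;

// Added example: two engines from ONE SSLContext, only one of them restricted.
// Assumption: the running JDK ships SSLParameters.setNamedGroups/setSignatureSchemes.
public class PerConnectionTlsPolicy {

    // Hypothetical helper: pin a single client engine to an explicit policy.
    static SSLEngine restricted(SSLContext ctx, String host,
                                String[] groups, String[] schemes) {
        SSLEngine engine = ctx.createSSLEngine(host, 443);
        engine.setUseClientMode(true);
        SSLParameters p = engine.getSSLParameters();
        p.setNamedGroups(groups);         // key-exchange groups, in preference order
        p.setSignatureSchemes(schemes);   // handshake signature schemes, in preference order
        engine.setSSLParameters(p);       // applies to this engine only
        return engine;
    }

    // A null array means "nothing set on these parameters, provider defaults apply".
    static String show(String[] v) {
        return v == null ? "<provider default>" : Arrays.toString(v);
    }

    static void report(String label, SSLEngine e) {
        SSLParameters p = e.getSSLParameters();
        System.out.println(label + " groups:  " + show(p.getNamedGroups()));
        System.out.println(label + " schemes: " + show(p.getSignatureSchemes()));
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();

        // Constructed sample policy using standard algorithm names.
        SSLEngine strict = restricted(ctx, "strict.example.invalid",
                new String[] {"x25519", "secp256r1"},
                new String[] {"ecdsa_secp256r1_sha256", "rsa_pss_rsae_sha256"});

        // Same context, untouched: still governed by provider configuration
        // such as the jdk.tls.namedGroups System Property.
        SSLEngine plain = ctx.createSSLEngine("default.example.invalid", 443);
        plain.setUseClientMode(true);

        report("strict ", strict);
        report("default", plain);
    }
}
```

Running it with and without -Djdk.tls.namedGroups=... on the command line shows that the property changes only the untouched engine's defaults, while the restricted engine keeps its own lists.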





              • Assignee:
                xuelei Xue-Lei Fan