JDK-8245536

New System Properties to configure the TLS signature schemes

    Details

    • Subcomponent:
    • Compatibility Kind:
      behavioral
    • Compatibility Risk:
      minimal
    • Compatibility Risk Description:
      No expected compatibility risks
    • Interface Kind:
      System or security property
    • Scope:
      JDK

      Description

      Summary

      Request to add new System Properties for customizing signature schemes in TLS connections in JDK.

      No technical differences from JDK 15 CSR, JDK-8242145.

      Problem

      A third party's TLS implementation may not be able to handle certain signature schemes, and so cannot interoperate with the JDK. Although such an implementation does not comply with the TLS specifications, the impact could be significant if an application that uses the implementation is popular.

      Solution

      A workaround to customize the signature schemes is needed to interoperate with a third party's TLS implementation.

      With this update, two System Properties will be added to customize the signature schemes used in the SunJSSE provider.

      Specification

      1. New System Property: jdk.tls.client.SignatureSchemes

        This System Property contains a comma-separated list of supported signature scheme names, which specifies the signature schemes that could be used on the TLS client side. The names are not case-sensitive and are described in the "Signature Schemes" section of the Java Security Standard Algorithm Names Specification. Unrecognized or unsupported signature scheme names specified in the property are ignored.

        If the System Property value is not defined (JDK default value) or empty, the provider-specific default is used.

      2. New System Property: jdk.tls.server.SignatureSchemes

        This System Property contains a comma-separated list of supported signature scheme names, which specifies the signature schemes that could be used on the TLS server side. The names are not case-sensitive and are described in the "Signature Schemes" section of the Java Security Standard Algorithm Names Specification. Unrecognized or unsupported signature scheme names specified in the property are ignored.

        If the System Property value is not defined (JDK default value) or empty, the provider-specific default is used.

      3. Document the System Properties in the JSSE Reference Guide.

      Note that the System Properties are currently used by the SunJSSE provider, but they are not guaranteed to be examined and used by other implementations. If they are examined by another implementation, then that implementation should handle them in the same manner as the SunJSSE provider does.
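Because unrecognized names are ignored silently, it is worth confirming what the client really offers after setting jdk.tls.client.SignatureSchemes. The following is an added example, not code from this CSR or the JDK: it produces a ClientHello in memory with an SSLEngine and lists the code points in its signature_algorithms extension. The class name, the sample property value and the assumption that SunJSSE reads the property once at JSSE initialization (so it must be set before first use, or passed with -D) are this example's own.

```java
import javax.net.ssl.*;
import java.nio.ByteBuffer;
import java.util.*;

public class OfferedSigSchemes {
    // Returns the code points from the ClientHello's signature_algorithms extension.
    static List<Integer> offered() throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, null, null);
        SSLEngine eng = ctx.createSSLEngine();
        eng.setUseClientMode(true);
        ByteBuffer net = ByteBuffer.allocate(eng.getSession().getPacketBufferSize());
        eng.beginHandshake();
        eng.wrap(ByteBuffer.allocate(0), net);   // first wrap emits the ClientHello record
        net.flip();
        net.position(5 + 4 + 2 + 32);            // record hdr, handshake hdr, version, random
        skip(net, net.get() & 0xff);             // session id
        skip(net, net.getShort() & 0xffff);      // cipher suites
        skip(net, net.get() & 0xff);             // compression methods
        int end = (net.getShort() & 0xffff) + net.position();
        List<Integer> out = new ArrayList<>();
        while (net.position() < end) {
            int type = net.getShort() & 0xffff;
            int len = net.getShort() & 0xffff;
            if (type != 13) { skip(net, len); continue; }   // 13 = signature_algorithms
            for (int n = (net.getShort() & 0xffff) / 2; n > 0; n--) {
                out.add(net.getShort() & 0xffff);
            }
        }
        return out;
    }

    static void skip(ByteBuffer b, int n) { b.position(b.position() + n); }

    public static void main(String[] args) throws Exception {
        // Constructed sample value: mixed case, plus one deliberately unrecognized name.
        // RFC 8446 code points: ecdsa_secp256r1_sha256 = 0x0403, rsa_pss_rsae_sha256 = 0x0804.
        System.setProperty("jdk.tls.client.SignatureSchemes",
                "ECDSA_SECP256R1_SHA256,rsa_pss_rsae_sha256,not_a_scheme");
        for (int code : offered()) System.out.printf("0x%04x%n", code);
    }
}
```

Running it once without the property and once with it shows the difference between the provider default and the customized list.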

              People

              • Assignee:
                pkoppula Prasadarao Koppula
                Reporter:
                hgupdate HG Updates
                Reviewed By:
                Sean Coffey