8226374: Restrict TLS signature schemes and named groups

Reviewed-by: mullan
Xue-Lei Andrew Fan 2019-08-12 21:36:29 -07:00
parent de8ce983b3
commit 316140ff92
18 changed files with 810 additions and 626 deletions


@ -564,6 +564,7 @@ final class CertificateVerify {
// This happens in client side only.
ClientHandshakeContext chc = (ClientHandshakeContext)context;
this.signatureScheme = SignatureScheme.getPreferableAlgorithm(
chc.algorithmConstraints,
chc.peerRequestedSignatureSchemes,
x509Possession,
chc.negotiatedProtocol);
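Review bot: The getPreferableAlgorithm call in this hunk now takes chc.algorithmConstraints, but nothing at the call site says what happens when local policy rules out every signature scheme the peer requested. If the method returns null in that case (its body is not shown here), the handling after this statement, which lies outside the hunk, should report the failure so that an operator can tell a policy rejection from a key/scheme mismatch. I would add a comment above the call such as `// Filtered by local algorithm constraints; no result means no permitted scheme fits this key.` The same applies to the call in the hunk at -865, whose enclosing constructor also continues beyond the visible lines.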
@ -865,6 +866,7 @@ final class CertificateVerify {
super(context);
this.signatureScheme = SignatureScheme.getPreferableAlgorithm(
context.algorithmConstraints,
context.peerRequestedSignatureSchemes,
x509Possession,
context.negotiatedProtocol);