> [JDK-8349583](https://bugs.openjdk.org/browse/JDK-8349583) implementation > assumes that OpenJDK client always sends "signature_algorithms_cert" > extension together with "signature_algorithms" extension. But we didn't > account for `jdk.tls.client.disableExtensions` and > `jdk.tls.server.disableExtensions` system properties which can disable > producing "signature_algorithms_cert" extension. This is an issue similar to > [JDK-8355779](https://bugs.openjdk.org/browse/JDK-8355779) but on the > extension producing side. > > Per TLSv1.3 RFC: > >> If no "signature_algorithms_cert" extension is >> present, then the "signature_algorithms" extension also applies to >> signatures appearing in certificates. > > Also making a few cosmetic changes to the existing code.
Artur Barashev has updated the pull request incrementally with two additional commits since the last revision: - Update tests - Revert "Include RSASSA-PKCS1-v1_5 and Legacy algorithms in signature_algorithms for TLSv1.3" This reverts commit adc236be4bcac11614e2741c99545aa593f6af5b. ------------- Changes: - all: https://git.openjdk.org/jdk/pull/26887/files - new: https://git.openjdk.org/jdk/pull/26887/files/c7f84138..64fd6927 Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=26887&range=03 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=26887&range=02-03 Stats: 74 lines in 6 files changed: 22 ins; 43 del; 9 mod Patch: https://git.openjdk.org/jdk/pull/26887.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/26887/head:pull/26887 PR: https://git.openjdk.org/jdk/pull/26887
