[11u] RFR: 8226374: Restrict TLS signature schemes and named groups
hohensee at amazon.com
Wed Apr 7 21:41:30 UTC 2021
The backport looks fine, except there's a missing blank line after FFDHE_2048 in NamedGroup.java. :) Thanks for filing a CSR (there doesn't seem to be one for the 13u backport: perhaps Yan will add one after the fact). I'm not a security person, so it would be great if someone who is reviews the CSR to see if there are any 11u-specific issues with it.
From: jdk-updates-dev <jdk-updates-dev-retn at openjdk.java.net> on behalf of "Doerr, Martin" <martin.doerr at sap.com>
Date: Wednesday, April 7, 2021 at 9:10 AM
To: jdk-updates-dev <jdk-updates-dev at openjdk.java.net>, security-dev <security-dev at openjdk.java.net>
Cc: "Lindenmaier, Goetz" <goetz.lindenmaier at sap.com>, "Langer, Christoph" <christoph.langer at sap.com>
Subject: [11u] RFR: 8226374: Restrict TLS signature schemes and named groups
JDK-8226374 is backported to 11.0.12-oracle. I'd like to backport it for parity.
It doesn't apply cleanly. I've taken the 13u backport as source because it resolves the wrong backport order with JDK-8242141.
Original change (JDK14):
11u rejected hunks (integrated manually):
my new 11u backport:
More information about the jdk-updates-dev