From 34bdfd44ef18ebd117e6013d7262f35f11c79dc1 Mon Sep 17 00:00:00 2001
From: Severin Gehwolf
Date: Mon, 15 Jun 2026 18:03:53 +0200
Subject: [PATCH 1/2] Backport 13e2a4c8b8184f8d369eacf1e69074311eb6f3db

8340321: Disable SHA-1 in TLS/DTLS 1.2 handshake signatures

---
 .../sun/security/ssl/SignatureScheme.java | 5 +-
 jdk/src/share/lib/security/java.security-aix | 3 +-
 .../share/lib/security/java.security-linux | 3 +-
 .../share/lib/security/java.security-macosx | 3 +-
 .../share/lib/security/java.security-solaris | 3 +-
 .../share/lib/security/java.security-windows | 3 +-
 .../DisableSHA1inHandshakeSignatureTLS12.java | 120 ++++++++++++++++++
 .../DisableSHA1inHandshakeSignatureTLS13.java | 70 ++++++++++
 8 files changed, 203 insertions(+), 7 deletions(-)
 create mode 100644 jdk/test/sun/security/ssl/SignatureScheme/DisableSHA1inHandshakeSignatureTLS12.java
 create mode 100644 jdk/test/sun/security/ssl/SignatureScheme/DisableSHA1inHandshakeSignatureTLS13.java

diff --git a/jdk/src/share/classes/sun/security/ssl/SignatureScheme.java b/jdk/src/share/classes/sun/security/ssl/SignatureScheme.java
index 3058faefd1..5860ce8fc9 100644
--- a/jdk/src/share/classes/sun/security/ssl/SignatureScheme.java
+++ b/jdk/src/share/classes/sun/security/ssl/SignatureScheme.java
@@ -136,8 +136,9 @@ enum SignatureScheme {
 "DSA",
 ProtocolVersion.PROTOCOLS_TO_12),
 ECDSA_SHA1 (0x0203, "ecdsa_sha1", "SHA1withECDSA",
- "EC",
- ProtocolVersion.PROTOCOLS_TO_13),
+ "EC", null, null, -1,
+ ProtocolVersion.PROTOCOLS_TO_13,
+ ProtocolVersion.PROTOCOLS_TO_12),
 RSA_PKCS1_SHA1 (0x0201, "rsa_pkcs1_sha1", "SHA1withRSA",
 "RSA", null, null, 511,
 ProtocolVersion.PROTOCOLS_TO_13,
diff --git a/jdk/src/share/lib/security/java.security-aix b/jdk/src/share/lib/security/java.security-aix
index 8da8d62e56..bfc3a9dd11 100644
--- a/jdk/src/share/lib/security/java.security-aix
+++ b/jdk/src/share/lib/security/java.security-aix
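Review bot: The ECDSA_SHA1 entry now passes two protocol lists and three positional `null, null, -1` arguments with nothing in place saying what they mean; the RSA_PKCS1_SHA1 context lines below have the same shape, so a reader must open the constructor to learn that the first list is where the scheme may still be offered at all (certificate signatures, up to TLS 1.3) and the second where it may sign handshake messages (TLS 1.2 and earlier). A comment above the entry would carry that, e.g. `// usable for certificate signatures through TLS 1.3, for handshake signatures only through TLS 1.2 (RFC 8446 §4.2.3)`. The `-1` presumably means no minimum key size, as opposed to the 511 passed for RSA_PKCS1_SHA1 — confirm against the constructor, which lies outside the hunk along with the rest of the enum. Since the diffstat touches no constraint-parsing code, this backport also relies on the 8u branch already accepting `usage HandshakeSignature` in jdk.tls.disabledAlgorithms and on SignatureScheme applying it for TLS 1.2; the new TLS12 test exercises that path so a gap would surface there, but it is worth stating in the commit message.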
@@ -721,7 +721,8 @@ jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
 # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
 jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
 DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
- ECDH, \
+ ECDH, rsa_pkcs1_sha1 usage HandshakeSignature, \
+ ecdsa_sha1 usage HandshakeSignature, dsa_sha1 usage HandshakeSignature, \
 include jdk.disabled.namedCurves

 # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
diff --git a/jdk/src/share/lib/security/java.security-linux b/jdk/src/share/lib/security/java.security-linux
index fb016e141b..d01f68e65c 100644
--- a/jdk/src/share/lib/security/java.security-linux
+++ b/jdk/src/share/lib/security/java.security-linux
@@ -721,7 +721,8 @@ jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
 # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
 jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
 DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
- ECDH, \
+ ECDH, rsa_pkcs1_sha1 usage HandshakeSignature, \
+ ecdsa_sha1 usage HandshakeSignature, dsa_sha1 usage HandshakeSignature, \
 include jdk.disabled.namedCurves

 # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
diff --git a/jdk/src/share/lib/security/java.security-macosx b/jdk/src/share/lib/security/java.security-macosx
index 6c12001f3e..699ca239e5 100644
--- a/jdk/src/share/lib/security/java.security-macosx
+++ b/jdk/src/share/lib/security/java.security-macosx
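Review bot: The three `usage HandshakeSignature` constraints are spliced into the middle of a backslash-continued value, and the identical edit is repeated by hand in java.security-linux here and in the macosx, solaris and windows files in the following hunks; because any later divergence between the five copies would silently change the default TLS posture per platform, diffing the `jdk.tls.disabledAlgorithms` block across all five files should be part of the review. The comment block that documents the property's grammar sits above the hunk; if the 8u copy does not yet describe the `usage` constraint and the `HandshakeSignature` value, it should be updated in the same change so operators reading the file know what the new entries restrict. Nothing in the hunk says that the restriction is deliberately limited to handshake signatures, so a line above the property such as `# SHA-1 schemes remain usable for certificate signatures; only their HandshakeSignature usage is disabled (8340321)` would prevent a later "cleanup" into a blanket `rsa_pkcs1_sha1` entry. Deployments that override this property with their own value will not pick up the new constraints, which is worth calling out in the release note.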
@@ -724,7 +724,8 @@ jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
 # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
 jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
 DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
- ECDH, \
+ ECDH, rsa_pkcs1_sha1 usage HandshakeSignature, \
+ ecdsa_sha1 usage HandshakeSignature, dsa_sha1 usage HandshakeSignature, \
 include jdk.disabled.namedCurves

 # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
diff --git a/jdk/src/share/lib/security/java.security-solaris b/jdk/src/share/lib/security/java.security-solaris
index 7cfd3be06f..610000a248 100644
--- a/jdk/src/share/lib/security/java.security-solaris
+++ b/jdk/src/share/lib/security/java.security-solaris
@@ -722,7 +722,8 @@ jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
 # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
 jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
 DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
- ECDH, \
+ ECDH, rsa_pkcs1_sha1 usage HandshakeSignature, \
+ ecdsa_sha1 usage HandshakeSignature, dsa_sha1 usage HandshakeSignature, \
 include jdk.disabled.namedCurves

 # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
diff --git a/jdk/src/share/lib/security/java.security-windows b/jdk/src/share/lib/security/java.security-windows
index 36cec5d1a9..48da4cb785 100644
--- a/jdk/src/share/lib/security/java.security-windows
+++ b/jdk/src/share/lib/security/java.security-windows
@@ -724,7 +724,8 @@ jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
 # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
 jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
 DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
- ECDH, \
+ ECDH, rsa_pkcs1_sha1 usage HandshakeSignature, \
+ ecdsa_sha1 usage HandshakeSignature, dsa_sha1 usage HandshakeSignature, \
 include jdk.disabled.namedCurves

 # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
diff --git a/jdk/test/sun/security/ssl/SignatureScheme/DisableSHA1inHandshakeSignatureTLS12.java b/jdk/test/sun/security/ssl/SignatureScheme/DisableSHA1inHandshakeSignatureTLS12.java
new file mode 100644
index 0000000000..0389740b7f
--- /dev/null
+++ b/jdk/test/sun/security/ssl/SignatureScheme/DisableSHA1inHandshakeSignatureTLS12.java
@@ -0,0 +1,120 @@
+/*
+ * Copyright (c) 2025, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+ /*
+ * @test
+ * @bug 8340321
+ * @summary Disable SHA-1 in TLS/DTLS 1.2 signatures.
+ * This test only covers TLS 1.2.
+ * @library /javax/net/ssl/templates
+ * /test/lib
+ * @run main/othervm DisableSHA1inHandshakeSignatureTLS12
+ */
+
+ import static jdk.test.lib.Asserts.assertFalse;
+ import static jdk.test.lib.Asserts.assertTrue;
+
+ import java.util.List;
+
+ public class DisableSHA1inHandshakeSignatureTLS12 extends
+ AbstractCheckSignatureSchemes {
+
+ protected DisableSHA1inHandshakeSignatureTLS12() throws Exception {
+ super();
+ }
+
+ public static void main(String[] args) throws Exception {
+ new DisableSHA1inHandshakeSignatureTLS12().run();
+ }
+
+ @Override
+ protected String getProtocol() {
+ return "TLSv1.2";
+ }
+
+ // Run things in TLS handshake order.
+ protected void run() throws Exception {
+
+ // Produce client_hello
+ clientEngine.wrap(clientOut, cTOs);
+ cTOs.flip();
+
+ checkClientHello();
+
+ // Consume client_hello.
+ serverEngine.unwrap(cTOs, serverIn);
+ runDelegatedTasks(serverEngine);
+
+ // Produce server_hello.
+ serverEngine.wrap(serverOut, sTOc);
+ sTOc.flip();
+
+ checkCertificateRequest();
+ }
+
+ // Returns SHA-1 signature schemes supported for TLSv1.2 handshake
+ protected List getDisabledSignatureSchemes() {
+ return List.of(
+ "ecdsa_sha1",
+ "rsa_pkcs1_sha1",
+ "dsa_sha1"
+ );
+ }
+
+ protected void checkClientHello() throws Exception {
+ // Get signature_algorithms extension signature schemes.
+ List sigAlgsSS = getSigSchemesCliHello(
+ extractHandshakeMsg(cTOs, TLS_HS_CLI_HELLO),
+ SIG_ALGS_EXT);
+
+ // Should not be present in signature_algorithms extension.
+ getDisabledSignatureSchemes().forEach(ss ->
+ assertFalse(sigAlgsSS.contains(ss),
+ "Signature Scheme " + ss +
+ " present in ClientHello's signature_algorithms extension"));
+
+ // Get signature_algorithms_cert extension signature schemes.
+ List sigAlgsCertSS = getSigSchemesCliHello(
+ extractHandshakeMsg(cTOs, TLS_HS_CLI_HELLO),
+ SIG_ALGS_CERT_EXT);
+
+ // Should be present in signature_algorithms_cert extension.
+ getDisabledSignatureSchemes().forEach(ss ->
+ assertTrue(sigAlgsCertSS.contains(ss),
+ "Signature Scheme " + ss +
+ " isn't present in ClientHello's" +
+ " signature_algorithms extension"));
+ }
+
+ protected void checkCertificateRequest() throws Exception {
+ // Get CertificateRequest message signature schemes.
+ List sigAlgsCertSS = getSigSchemesCertReq(
+ extractHandshakeMsg(sTOc, TLS_HS_CERT_REQ));
+
+ // Should not be present in CertificateRequest message.
+ getDisabledSignatureSchemes().forEach(ss ->
+ assertFalse(sigAlgsCertSS.contains(ss),
+ "Signature Scheme " + ss +
+ " present in CertificateRequest"));
+ }
+}
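Review bot: The assertion message in checkClientHello's second loop says the scheme `isn't present in ClientHello's signature_algorithms extension`, but that loop inspects the list obtained with SIG_ALGS_CERT_EXT, so a failure would point the reader at the wrong extension; change the literal to `" isn't present in ClientHello's" + " signature_algorithms_cert extension"`. The lists are declared as raw `List` throughout (getDisabledSignatureSchemes, sigAlgsSS, sigAlgsCertSS), which compiles only with unchecked warnings and lets a non-String element slip into the `contains` checks; unless the superclass helpers force the raw type, `List<String>` is presumably what is meant, here and in the TLS13 subclass's override. checkClientHello also parses the same ClientHello twice via extractHandshakeMsg(cTOs, TLS_HS_CLI_HELLO); extracting it once into a local and passing it to both getSigSchemesCliHello calls is cheaper and makes it explicit that both lists come from one message (this assumes extractHandshakeMsg does not consume cTOs — the second call working today suggests it does not, but confirm). The comment on getDisabledSignatureSchemes reads "supported for TLSv1.2 handshake", which is the opposite of what the method returns; `// SHA-1 schemes that must be absent from TLSv1.2 handshake signatures` says what the callers assert.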
diff --git a/jdk/test/sun/security/ssl/SignatureScheme/DisableSHA1inHandshakeSignatureTLS13.java b/jdk/test/sun/security/ssl/SignatureScheme/DisableSHA1inHandshakeSignatureTLS13.java
new file mode 100644
index 0000000000..55f619460d
--- /dev/null
+++ b/jdk/test/sun/security/ssl/SignatureScheme/DisableSHA1inHandshakeSignatureTLS13.java
@@ -0,0 +1,70 @@
+/*
+ * Copyright (c) 2025, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+ /*
+ * @test
+ * @bug 8340321
+ * @summary Disable SHA-1 in TLS/DTLS 1.2 signatures.
+ * This test only covers TLS 1.3.
+ * @library /javax/net/ssl/templates
+ * /test/lib
+ * @run main/othervm DisableSHA1inHandshakeSignatureTLS13
+ */
+
+ import java.security.Security;
+ import java.util.List;
+
+ public class DisableSHA1inHandshakeSignatureTLS13 extends
+ DisableSHA1inHandshakeSignatureTLS12 {
+
+ protected DisableSHA1inHandshakeSignatureTLS13() throws Exception {
+ super();
+ }
+
+ public static void main(String[] args) throws Exception {
+ // SHA-1 algorithm MUST NOT be used in any TLSv1.3 handshake signatures.
+ // This is regardless of jdk.tls.disabledAlgorithms configuration.
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ new DisableSHA1inHandshakeSignatureTLS13().run();
+ }
+
+ @Override
+ protected String getProtocol() {
+ return "TLSv1.3";
+ }
+
+ // Returns SHA-1 signature schemes NOT supported for TLSv1.3 handshake
+ // signatures, but supported for TLSv1.3 certificate signatures.
+ @Override
+ protected List getDisabledSignatureSchemes() {
+ return List.of("ecdsa_sha1", "rsa_pkcs1_sha1");
+ }
+
+ // TLSv1.3 sends CertificateRequest signature schemes in
+ // signature_algorithms and signature_algorithms_cert extensions. Same as
+ // ClientHello, but they are encrypted. So we skip CertificateRequest
+ // signature schemes verification for TLSv1.3.
+ @Override
+ protected void checkCertificateRequest() {
+ }
+}

From e7f9727a0db4a66d954435020b113054afe03b8c Mon Sep 17 00:00:00 2001
From: Severin Gehwolf
Date: Mon, 15 Jun 2026 18:13:52 +0200
Subject: [PATCH 2/2] Fix DisableSHA1inHandshakeSignatureTLS1{2,3}.java test

List.of() => Collections.unmodifiableList(Arrays.asList())

---
 .../DisableSHA1inHandshakeSignatureTLS12.java | 10 ++++++----
 .../DisableSHA1inHandshakeSignatureTLS13.java | 10 +++++++---
 2 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/jdk/test/sun/security/ssl/SignatureScheme/DisableSHA1inHandshakeSignatureTLS12.java b/jdk/test/sun/security/ssl/SignatureScheme/DisableSHA1inHandshakeSignatureTLS12.java
index 0389740b7f..d9a4eaae76 100644
--- a/jdk/test/sun/security/ssl/SignatureScheme/DisableSHA1inHandshakeSignatureTLS12.java
+++ b/jdk/test/sun/security/ssl/SignatureScheme/DisableSHA1inHandshakeSignatureTLS12.java
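Review bot: getDisabledSignatureSchemes() drops `dsa_sha1` relative to the TLS 1.2 list without saying why, so a reader may take it for an oversight; the reason is in the SignatureScheme hunk above, where DSA_SHA1 is limited to PROTOCOLS_TO_12 and so presumably never appears in a TLSv1.3 ClientHello at all, which would make the inherited "present in signature_algorithms_cert" assertion fail for it. Extend the comment above the override with `// dsa_sha1 is omitted: DSA_SHA1 is restricted to TLS 1.2 and below, so it is absent from both TLSv1.3 extensions.` The comment in main says SHA-1 must not appear in "any" TLSv1.3 handshake signatures regardless of configuration, yet the empty checkCertificateRequest() override means only the ClientHello side is verified here; a sentence stating that the server-side CertificateRequest direction is deliberately out of scope would keep the claim honest. Clearing jdk.tls.disabledAlgorithms wholesale also re-enables SSLv3, TLSv1 and the rest of the default list in that VM; harmless under othervm, but removing only the three SHA-1 entries would show more precisely that the enum-level restriction alone is what the test relies on.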
@@ -26,14 +26,16 @@
 * @bug 8340321
 * @summary Disable SHA-1 in TLS/DTLS 1.2 signatures.
 * This test only covers TLS 1.2.
- * @library /javax/net/ssl/templates
- * /test/lib
+ * @library /javax/net/ssl/templates /lib/testlibrary /test/lib
+ * @build jdk.testlibrary.Utils
+ * @run main/othervm DisableSHA1inHandshakeSignatureTLS12
 */

 import static jdk.test.lib.Asserts.assertFalse;
 import static jdk.test.lib.Asserts.assertTrue;

+import java.util.Arrays;
+import java.util.Collections;
 import java.util.List;

 public class DisableSHA1inHandshakeSignatureTLS12 extends
@@ -74,10 +76,10 @@ protected void run() throws Exception {

 // Returns SHA-1 signature schemes supported for TLSv1.2 handshake
 protected List getDisabledSignatureSchemes() {
- return List.of(
+ return Collections.unmodifiableList(Arrays.asList(new String[]{
 "ecdsa_sha1",
 "rsa_pkcs1_sha1",
- "dsa_sha1"
+ "dsa_sha1"})
 );
 }

diff --git a/jdk/test/sun/security/ssl/SignatureScheme/DisableSHA1inHandshakeSignatureTLS13.java b/jdk/test/sun/security/ssl/SignatureScheme/DisableSHA1inHandshakeSignatureTLS13.java
index 55f619460d..c715ea1ce0 100644
--- a/jdk/test/sun/security/ssl/SignatureScheme/DisableSHA1inHandshakeSignatureTLS13.java
+++ b/jdk/test/sun/security/ssl/SignatureScheme/DisableSHA1inHandshakeSignatureTLS13.java
@@ -26,12 +26,14 @@
 * @bug 8340321
 * @summary Disable SHA-1 in TLS/DTLS 1.2 signatures.
 * This test only covers TLS 1.3.
- * @library /javax/net/ssl/templates
- * /test/lib
+ * @library /javax/net/ssl/templates /lib/testlibrary /test/lib
+ * @build jdk.testlibrary.Utils
+ * @run main/othervm DisableSHA1inHandshakeSignatureTLS13
 */

 import java.security.Security;
+import java.util.Arrays;
+import java.util.Collections;
 import java.util.List;

 public class DisableSHA1inHandshakeSignatureTLS13 extends
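Review bot: `Arrays.asList(new String[]{ ... })` wraps the literals in an explicit array for no gain; `Arrays.asList` is varargs, so `return Collections.unmodifiableList(Arrays.asList("ecdsa_sha1", "rsa_pkcs1_sha1", "dsa_sha1"));` reads closer to the `List.of` it replaces and avoids the stray `})` / `);` closing on separate lines. The TLS13 counterpart in the next hunk has the same shape and would take the same simplification. The return type stays raw `List` in both overrides; since the method body is being rewritten anyway, `List<String>` would cost nothing and would give the `contains` checks in the callers a typed element. The `@library /lib/testlibrary` and `@build jdk.testlibrary.Utils` additions in the first hunk are not mentioned in the commit message, which only describes the List.of replacement; a sentence naming which helper of the 8u test library needs them (presumably something AbstractCheckSignatureSchemes pulls in — confirm) would help the next backporter.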
@@ -57,7 +59,9 @@ protected String getProtocol() {
 // signatures, but supported for TLSv1.3 certificate signatures.
 @Override
 protected List getDisabledSignatureSchemes() {
- return List.of("ecdsa_sha1", "rsa_pkcs1_sha1");
+ return Collections.unmodifiableList(Arrays.asList(new String[] {
+ "ecdsa_sha1", "rsa_pkcs1_sha1"
+ }));
 }

 // TLSv1.3 sends CertificateRequest signature schemes in