On Tue, 28 Oct 2025 17:43:12 GMT, Matthew Donovan <[email protected]> wrote:
>> This PR updates tests that were using MD5 certificates. For most of the
>> tests, I added test cases for TLSv1.2/MD5withRSA and TLSv1.3/SHA256withRSA.
>
> Matthew Donovan has updated the pull request with a new target base due to a
> merge or a rebase. The incremental webrev excludes the unrelated changes
> brought in by the merge/rebase. The pull request contains three additional
> commits since the last revision:
>
> - fixed indents and copyright year
> - Merge branch 'master' into update-md5-certs
> - 8353738: Update TLS unit tests to not use certificates with MD5 signatures
test/jdk/javax/net/ssl/HttpsURLConnection/CriticalSubjectAltName.java line 222:
> 220: "MD2, RSA keySize < 1024");
> 221: Security.setProperty("jdk.tls.disabledAlgorithms",
> 222: "SSLv3, RC4, DH keySize < 768");
I think we should remove only `MD5`, here and in all other tests:
// If MD5 is used in this test case, don't disable MD5 algorithm.
SecurityUtils.removeFromDisabledTlsAlgs("MD5");
SecurityUtils.removeFromDisabledAlgs(
"jdk.certpath.disabledAlgorithms", List.of("MD5"));
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/27342#discussion_r2471528938
