On Tue, 26 Aug 2025 05:21:36 GMT, Nibedita Jena <d...@openjdk.org> wrote:
>> Artur Barashev has updated the pull request incrementally with two >> additional commits since the last revision: >> >> - Update tests >> - Revert "Include RSASSA-PKCS1-v1_5 and Legacy algorithms in >> signature_algorithms for TLSv1.3" >> >> This reverts commit adc236be4bcac11614e2741c99545aa593f6af5b. > > test/jdk/sun/security/ssl/SignatureScheme/DisableSignatureSchemePerScopeTLS12.java > line 131: > >> 129: // signature_algorithms_cert extension MUST contain disabled >> 130: // handshake signature scheme. >> 131: assertTrue(sigAlgsCertSS.contains(HANDSHAKE_DISABLED_SIG), > > If `jdk.tls.client.disableExtensions=signature_algorithms_cert` is used, then > the given extension wont be present, it will fail here Correct, [DisableSignatureSchemePerScopeNoClientCertSignAlgsExtTLS12.java](https://github.com/openjdk/jdk/pull/26887/files#diff-4e93ab75d50e906c41e810114260fa3ca601f2fe554990578feaf9406e94687a) tests this scenario. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/26887#discussion_r2301797551
