On Mon, 22 Sep 2025 20:52:56 GMT, Artur Barashev <[email protected]> wrote:
>> test/jdk/sun/security/ssl/SignatureScheme/DisableCertSignAlgsExtForServerTLS13.java >> line 131: >> >>> 129: // instead, depends on network >>> setup. >>> 130: || ex instanceof SocketException)); >>> 131: } >> >> Here for TLS 1.3, handshake always fails because SHA256withRSA is not >> allowed for client certificates. Would you consider adding a positive test >> for TLS 1.3 with a client certificate signed with RSASSA-PSS so we could >> test handshake will succeed as the client complies? > > Actually SHA256withRSA is not allowed for handshake signatures in TLSv1.3, I > made a mistake in the test's comment about it which is now corrected. > Otherwise I have added a positive test case, good suggestion! Update looks good. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/26887#discussion_r2373824682
