8340321: Disable SHA-1 in TLS/DTLS 1.2 handshake signatures #833

Open: jerboaa wants to merge 2 commits into openjdk:pr/830 from jerboaa:jdk-8340321-disable-tls-sha1

jerboaa (Contributor) commented Jun 16, 2026

Please review this unclean backport of one of the crypto roadmap update changes that disables SHA1 for TLS 1.2 handshake signatures. The patch is not clean from JDK 11 because:

  • The java.security-<os> changes need duplicating and the TLS_RSA disable change is not yet in 8u (tracked in a different PR).
  • The DTLS 1.2 test has not been included since DTLS isn't supported in 8u.
  • Some minor modifications to replace List.of() with Collections.unmodifiableList(Arrays.asList()) in tests.

Testing

  • GHA (with some known failures in x86 (32 bit) tier1) and jdk/security_infra
  • jdk/test/javax/net/ssl, jdk/test/sun/net/www/protocol/https/ and jdk/test/sun/security/ssl/ tests with the following results: Test results: passed: 272; failed: 2; error: 1. This includes the two new tests in this patch which fail prior to the product fix and pass after. Note that the passed tests rate was 270 in 8349583: Add mechanism to disable signature schemes based on their TLS scope #830

Thoughts?



Progress

  • Change must be properly reviewed (1 review required, with at least 1 Reviewer)
  • Change must not contain extraneous whitespace
  • Commit message must refer to an issue
  • JDK-8340321 needs maintainer approval
  • Change requires CSR request JDK-8353566 to be approved

Integration blocker

 ⚠️ Dependency #830 must be integrated first

Issues

  • JDK-8340321: Disable SHA-1 in TLS/DTLS 1.2 handshake signatures (Enhancement - P2)
  • JDK-8353566: Disable SHA-1 in TLS/DTLS 1.2 handshake signatures (CSR)

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk8u-dev.git pull/833/head:pull/833
$ git checkout pull/833

Update a local copy of the PR:
$ git checkout pull/833
$ git pull https://git.openjdk.org/jdk8u-dev.git pull/833/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 833

View PR using the GUI difftool:
$ git pr show -t 833

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk8u-dev/pull/833.diff

Using Webrev

Link to Webrev Comment

jerboaa added 2 commits June 15, 2026 18:03
8340321: Disable SHA-1 in TLS/DTLS 1.2 handshake signatures
List.of() => Collections.unmodifiableList(Arrays.asList())

bridgekeeper Bot commented Jun 16, 2026


👋 Welcome back sgehwolf! A progress list of the required criteria for merging this PR into pr/830 will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.


openjdk Bot commented Jun 16, 2026


❗ This change is not yet ready to be integrated.
See the Progress checklist in the description for automated requirements.

@openjdk openjdk Bot changed the title Backport 13e2a4c8b8184f8d369eacf1e69074311eb6f3db 8340321: Disable SHA-1 in TLS/DTLS 1.2 handshake signatures Jun 16, 2026

openjdk Bot commented Jun 16, 2026


This backport pull request has now been updated with issue from the original commit.

@openjdk openjdk Bot added the backport Port of a pull request already in a different code base label Jun 16, 2026
@jerboaa jerboaa marked this pull request as ready for review June 16, 2026 11:15
@openjdk openjdk Bot added the rfr Pull request is ready for review label Jun 16, 2026

mlbridge Bot commented Jun 16, 2026


Webrevs
