@vieiro vieiro commented Dec 5, 2025

Backport of JDK-8349583 from JDK17, a first step to disable SHA-1 in TLS/DTLS 1.2 handshake signatures to comply with the Oracle JRE Cryptographic Roadmap, to be followed with JDK-8340321.

Backport is not clean, as there're significant changes from JDK17.

To ease review, three additional commits adapt the backport to JDK11, which is missing JDK-8284047 (2nd commit) and JDK-8288209 (3rd commit). Also JDK11 is missing ByteBuffer.slice(int, int) (4th commit).

Tested on Linux with tier1 tests and with run-test-jdk_security:

==============================
Test summary
==============================
   TEST                                              TOTAL  PASS  FAIL ERROR   
   jtreg:test/jdk:jdk_security                        1365  1365     0     0   
==============================
TEST SUCCESS

Progress

  • Change must be properly reviewed (1 review required, with at least 1 Reviewer)
  • Change must not contain extraneous whitespace
  • Commit message must refer to an issue
  • JDK-8349583 needs maintainer approval
  • Change requires CSR request JDK-8350902 to be approved

Integration blocker

 ⚠️ Dependency #3126 must be integrated first

Issues

  • JDK-8349583: Add mechanism to disable signature schemes based on their TLS scope (Enhancement - P2)
  • JDK-8350902: Add mechanism to disable signature schemes based on their TLS scope (CSR)

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk11u-dev.git pull/3130/head:pull/3130
$ git checkout pull/3130

Update a local copy of the PR:
$ git checkout pull/3130
$ git pull https://git.openjdk.org/jdk11u-dev.git pull/3130/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 3130

View PR using the GUI difftool:
$ git pr show -t 3130

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk11u-dev/pull/3130.diff

Using Webrev

Link to Webrev Comment

bridgekeeper bot commented Dec 5, 2025

👋 Welcome back avieiro! A progress list of the required criteria for merging this PR into pr/3126 will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

vieiro commented Dec 5, 2025

NOTE: This one is on top of #3126, which introduces some tests required in this backport.

openjdk bot commented Dec 5, 2025

❗ This change is not yet ready to be integrated.
See the Progress checklist in the description for automated requirements.

@openjdk openjdk bot changed the title from "Backport fe850da38a3fc0c9ce6cf9348efca3c846e97143" to "8349583: Add mechanism to disable signature schemes based on their TLS scope" Dec 5, 2025

openjdk bot commented Dec 5, 2025

This backport pull request has now been updated with issue from the original commit.

@openjdk openjdk bot added the "backport" (Port of a pull request already in a different code base) and "rfr" (Pull request is ready for review) labels Dec 5, 2025

mlbridge bot commented Dec 5, 2025

Webrevs
