RFR: 8235710: Remove the legacy elliptic curves [v3]
Weijun Wang
weijun at openjdk.java.net
Thu Sep 24 21:40:07 UTC 2020
On Thu, 24 Sep 2020 21:15:34 GMT, Anthony Scarpino <ascarpino at openjdk.org> wrote:
>> src/java.base/share/conf/security/java.security line 636:
>>
>>> 634: #
>>> 635: jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
>>> 636: RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224
>>
>> `jdk.disabled.namedCurves` still exists. If someone decides to add a curve there, shouldn't it be also disabled here?
>
> jdk.disabled.namedCurves is commented out and I don't think it's good for every operation disabled algorithms call to
> check an empty property. The description for the disabledAlgorithm properties say you have to use "include", so I
> don't think it is necessary to we keep it active..
I just think this is an unnecessary behavior change. After all, the purpose of `jdk.disabled.namedCurves` is to be
included in other disabledAlgorithms properties.
No strong opinion on this. Please decide yourself.
-------------
PR: https://git.openjdk.java.net/jdk/pull/289
More information about the build-dev
mailing list