[Bug 3788] New: [IcedTea14] Update elliptic curve patch to include jdk.disabled.namedCurves

bugzilla-daemon at icedtea.classpath.org bugzilla-daemon at icedtea.classpath.org
Mon May 18 02:16:58 UTC 2020 

https://icedtea.classpath.org/bugzilla/show_bug.cgi?id=3788

            Bug ID: 3788
           Summary: [IcedTea14] Update elliptic curve patch to include
                    jdk.disabled.namedCurves
           Product: IcedTea
           Version: 9.x-hg
          Hardware: all
                OS: All
            Status: NEW
          Severity: normal
          Priority: P5
         Component: IcedTea
          Assignee: gnu.andrew at redhat.com
          Reporter: gnu.andrew at redhat.com
                CC: unassigned at icedtea.classpath.org

The elliptic curve removal patch needs to be updated to account for
JDK-8233228, which adds a list of disabled curves to the java.security file.
The property should not reference the ones that have been removed by the patch.

+diff -r bc54620a3848 src/java.base/share/conf/security/java.security
+--- a/src/java.base/share/conf/security/java.security    Thu Feb 06 10:10:54
2020 -0800
++++ b/src/java.base/share/conf/security/java.security    Wed Apr 01 17:18:38
2020 -0300
+@@ -506,16 +506,7 @@
+ # in the jdk.[tls|certpath|jar].disabledAlgorithms properties.  To include
this
+ # list in any of the disabledAlgorithms properties, add the property name as
+ # an entry.
+-jdk.disabled.namedCurves = secp112r1, secp112r2, secp128r1, secp128r2, \
+-    secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, \
+-    secp224r1, secp256k1, sect113r1, sect113r2, sect131r1, sect131r2, \
+-    sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, \
+-    sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, \
+-    sect571k1, sect571r1, X9.62 c2tnb191v1, X9.62 c2tnb191v2, \
+-    X9.62 c2tnb191v3, X9.62 c2tnb239v1, X9.62 c2tnb239v2, X9.62 c2tnb239v3, \
+-    X9.62 c2tnb359v1, X9.62 c2tnb431r1, X9.62 prime192v2, X9.62 prime192v3, \
+-    X9.62 prime239v1, X9.62 prime239v2, X9.62 prime239v3, brainpoolP256r1, \
+-    brainpoolP320r1, brainpoolP384r1, brainpoolP512r1
++jdk.disabled.namedCurves = secp256k1

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20200518/9f3e6dd2/attachment.htm>

More information about the distro-pkg-dev mailing list