[jdk13u-dev] RFR: 8233228: Disable weak named curves by default in TLS, CertPath, and Signed JAR

Yuri Nesterenko yan at openjdk.java.net
Thu Nov 26 16:06:04 UTC 2020


On Thu, 26 Nov 2020 11:32:16 GMT, Alexey Bakhtin <abakhtin at openjdk.org> wrote:

>> Hello,
>> 
>> I would like to create backports of 8233228 and 8172404 in 13u. The backports are already in production in 11u.
>> 
>> The proposed 8233228 patch is exactly the same as 15u version, except for Hunk #9 at line 258(299): 
>> 
>> [https://github.com/openjdk/jdk13u-dev/commit/edec2fc6d79678111f97fa9da81d3bc1d2010538#diff-499d805909084ecc06c50b4706f8a2b3ec70ab9aaf55d54a6156c518f85f1bd6](https://github.com/openjdk/jdk13u-dev/commit/edec2fc6d79678111f97fa9da81d3bc1d2010538#diff-499d805909084ecc06c50b4706f8a2b3ec70ab9aaf55d54a6156c518f85f1bd6)
>> 
>> in which the 8244479 is already applied. In comparison, the 15u version applies 8244479 on top of 8233228, so the changes are in reverse order. Otherwise there are no code / logic changes in the code.
>> 
>> The further step would be to submit the 8172404 backport in the subsequent PR, in which the 15u patch applies cleanly in 13u on top of the proposed 8233228.
>> 
>> Thank you.
>> 
>> Best regards,
>> Sergey Chernyshev
>> BellSoft
>
> I'm not a reviewer but Looks Good To Me

Sergey, please take a look at the comment in JBS issue regarding the CSR.

-------------

PR: https://git.openjdk.java.net/jdk13u-dev/pull/32


More information about the jdk-updates-dev mailing list