[jdk11u-dev] RFR: 8267880: Upgrade the default PKCS12 MAC algorithm [v2]
Goetz Lindenmaier
goetz at openjdk.org
Tue Aug 2 10:54:54 UTC 2022
On Tue, 2 Aug 2022 09:32:16 GMT, Goetz Lindenmaier <goetz at openjdk.org> wrote:
>> I backport this for parity with 11.0.17-oracle.
>>
>> In 11.0.12, "JDK-8153005 Upgrade the default PKCS12 encryption/MAC algorithms" was pushed.
>> Some parts of it were reverted right away in "JDK-8267599 Revert the change to the default PKCS12 macAlgorithm and macIterationCount props for 11u/8u/7u".
>> This change now again enables 8153005. It is basically the reverse patch of 8267599,
>> where ParamsTest.java has been renamed to KeytoolOpensslInteropTest.java.
>
> Goetz Lindenmaier has refreshed the contents of this pull request, and previous commits have been removed. The incremental views will show differences compared to the previous content of the PR. The pull request contains one new commit since the last revision:
>
> 8267880: Upgrade the default PKCS12 MAC algorithm
Thanks for the review.
Obviously this again introduces the incompatibilities this had been backed out for. But given the security roadmap and the fact that this comes in 7, 8 and 11 of Oracle I think this is bearable.
Also, for 5 releases (11.0.12 to 11.0.17) there was the chance to adapt applications.
-------------
PR: https://git.openjdk.org/jdk11u-dev/pull/1296
More information about the jdk-updates-dev
mailing list