[8u] RFR 8233228: Disable weak named curves by default in TLS, CertPath, and Signed JAR
Alexander Scherbatiy
alexander.scherbatiy at bell-sw.com
Tue Dec 1 19:14:14 UTC 2020
Hello,
Could you review the backport of P2 JDK-8233228 to 8u.
Bug: https://bugs.openjdk.java.net/browse/JDK-8233228
11u patch: https://hg.openjdk.java.net/jdk-updates/jdk11u/rev/a17295342862
8u webrev: http://cr.openjdk.java.net/~alexsch/sercher/8233228/webrev.00
8233228 backport to 8u (compared to 11u):
* sun.security.ec.ECParameters -> sun.security.util.ECParameters
* sun.security.ec.NamedCurve -> sun.security.util.NamedCurve
* sun.security.ec.CurveDB -> sun.security.util.CurveDB
* security/tools/keytool fixed context difference
* DisabledAlgorithmConstraints.java fixed context difference
* Manual merge in ConstraintsParameters.java (XECKey, NamedParameterSpec
are not available in 8u).
* CurveDB.SPLIT_PATTERN, CurveDB.getSupportedCurves() made public
* NamedCurve class, getName(), getObjectId() made public
* ECParameters.getAlgorithmParameters() made public
* files java.security-<platform> are separate in each platform, applied
identical changes in all
The are no new failures in hotspot and compact3 tests comparing to the
build without the fix.
Thanks,
Alexander.
More information about the jdk8u-dev
mailing list