[8u] RFR 8233228: Disable weak named curves by default in TLS, CertPath, and Signed JAR

Alexander Scherbatiy alexander.scherbatiy at bell-sw.com
Tue Dec 1 19:14:14 UTC 2020


​Hello,

Could you review the backport of P2 JDK-8233228 to 8u.

Bug: https://bugs.openjdk.java.net/browse/JDK-8233228
11u patch: https://hg.openjdk.java.net/jdk-updates/jdk11u/rev/a17295342862
8u webrev: http://cr.openjdk.java.net/~alexsch/sercher/8233228/webrev.00


8233228 backport to 8u (compared to 11u):
* sun.security.ec.ECParameters -> sun.security.util.ECParameters
* sun.security.ec.NamedCurve   -> sun.security.util.NamedCurve
* sun.security.ec.CurveDB      -> sun.security.util.CurveDB
* security/tools/keytool fixed context difference
* DisabledAlgorithmConstraints.java fixed context difference
* Manual merge in ConstraintsParameters.java (XECKey, NamedParameterSpec 
are not available in 8u).
* CurveDB.SPLIT_PATTERN, CurveDB.getSupportedCurves() made public
* NamedCurve class, getName(), getObjectId() made public
* ECParameters.getAlgorithmParameters() made public
* files java.security-<platform> are separate in each platform, applied 
identical changes in all

The are no new failures in hotspot and compact3 tests comparing to the 
build without the fix.

Thanks,
Alexander.


More information about the jdk8u-dev mailing list