RFR: 8281561: Disable http DIGEST mechanism with MD5 by default [v2]

Michael McMahon michaelm at openjdk.java.net
Thu Mar 10 11:00:50 UTC 2022


On Wed, 9 Mar 2022 15:41:08 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> Michael McMahon has updated the pull request incrementally with two additional commits since the last revision:
>> 
>>  - update
>>  - update after first review round
>
> src/java.base/share/classes/sun/net/www/protocol/http/DigestAuthentication.java line 426:
> 
>> 424:             algorithm = "MD5";  // The default, accoriding to rfc2069
>> 425:         }
>> 426:         algorithm = algorithm.toUpperCase();
> 
> Please use `toUpperCase(Locale.ROOT)` or `toUpperCase(Locale.ENGLISH)`.

> Should we have a test case for "SHA-512-256" too?

If there's a hardcoded example in the RFC, I will include it.

-------------

PR: https://git.openjdk.java.net/jdk/pull/7688

