RFR: 8281561: Disable http DIGEST mechanism with MD5 by default [v2]
Michael McMahon
michaelm at openjdk.java.net
Thu Mar 10 16:53:40 UTC 2022
On Thu, 10 Mar 2022 14:26:28 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Michael McMahon has updated the pull request incrementally with two additional commits since the last revision:
>>
>> - update
>> - update after first review round
>
> src/java.base/share/classes/java/net/doc-files/net-properties.html line 234:
>
>> 232: in the {@code java.security} properties file and currently comprises {@code MD5} and
>> 233: {@code SHA-1}. If it is still required to use one of these algorithms, then they can be
>> 234: re-enabled by setting this property to a comma separated list of the algorithm names.</P>
>
> Can we use "re-enabled" in the property name? To me, the name "enabled" sounds like all enabled algorithms are listed here.
Okay, I'm suggesting "http.auth.digest.reEnabledAlgorithms" now.
Hopefully we can stick with that.
> src/java.base/share/classes/sun/net/www/protocol/http/DigestAuthentication.java line 78:
>
>> 76: private static final Set<String> defDisabledAlgs = getDefaultAlgs();
>> 77:
>> 78: private static Set<String> getDefaultAlgs() {
>
> How about rename the method to include "disabled"?
That code is reworked so the method no longer exists
-------------
PR: https://git.openjdk.java.net/jdk/pull/7688
More information about the net-dev
mailing list