RFR: 8281561: Disable http DIGEST mechanism with MD5 by default [v2]
Michael McMahon
michaelm at openjdk.java.net
Fri Mar 11 17:31:52 UTC 2022
On Thu, 10 Mar 2022 15:02:17 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Michael McMahon has updated the pull request incrementally with two additional commits since the last revision:
>>
>> - update
>> - update after first review round
>
> src/java.base/share/classes/sun/net/www/protocol/http/DigestAuthentication.java line 701:
>
>> 699: }
>> 700: byte[] digest = md.digest();
>> 701: StringBuilder res = new StringBuilder(digest.length * 2);
>
> Can we use `HexFormat` to encode the bytes?
The fix will probably be back ported, so I'd prefer not to use HexFormat.
-------------
PR: https://git.openjdk.java.net/jdk/pull/7688
More information about the net-dev
mailing list