RFR: 8281561: Disable http DIGEST mechanism with MD5 by default [v4]
Michael McMahon
michaelm at openjdk.java.net
Mon Mar 14 10:35:26 UTC 2022
> Hi,
>
> Could I get the following change reviewed please, which is to disable the MD5 message digest algorithm by default in the HTTP Digest authentication mechanism? The algorithm can be opted into by setting a new system property "http.auth.digest.reEnabledAlgs" to include the value MD5. The change also updates the Digest authentication implementation to use some of the more secure features defined in RFC7616, such as username hashing and additional digest algorithms like SHA256 and SHA512-256.
>
> - Michael
Michael McMahon has updated the pull request incrementally with two additional commits since the last revision:
- update after third review round
- removed swp file
-------------
Changes:
- all: https://git.openjdk.java.net/jdk/pull/7688/files
- new: https://git.openjdk.java.net/jdk/pull/7688/files/3d5ef143..65d549ff
Webrevs:
- full: https://webrevs.openjdk.java.net/?repo=jdk&pr=7688&range=03
- incr: https://webrevs.openjdk.java.net/?repo=jdk&pr=7688&range=02-03
Stats: 10 lines in 3 files changed: 2 ins; 6 del; 2 mod
Patch: https://git.openjdk.java.net/jdk/pull/7688.diff
Fetch: git fetch https://git.openjdk.java.net/jdk pull/7688/head:pull/7688
PR: https://git.openjdk.java.net/jdk/pull/7688
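
The RFC 7616 features named in the quoted description (username hashing, SHA-256 and SHA-512-256, MD5 refused unless opted in), sketched as an added example that is not code from the pull request or the JDK. The class and helper names are hypothetical, the sample credentials are constructed, and reading "http.auth.digest.reEnabledAlgs" as a comma-separated list is an assumption.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.HexFormat;
import java.util.Map;

public class Rfc7616DigestExample {
    // RFC 7616 algorithm tokens -> JCA MessageDigest names (SHA-512-256 is "SHA-512/256" in JCA).
    static final Map<String, String> JCA = Map.of(
            "MD5", "MD5", "SHA-256", "SHA-256", "SHA-512-256", "SHA-512/256");

    // Assumption: the property is read as a comma-separated list; MD5 is refused unless listed.
    static boolean allowed(String alg) {
        if (!JCA.containsKey(alg)) return false;
        if (!alg.equals("MD5")) return true;
        String reEnabled = System.getProperty("http.auth.digest.reEnabledAlgs", "");
        return Arrays.stream(reEnabled.split(",")).anyMatch(s -> s.trim().equalsIgnoreCase("MD5"));
    }

    // H(data): lowercase hex of the digest over the UTF-8 bytes.
    static String h(String alg, String data) throws NoSuchAlgorithmException {
        if (!allowed(alg)) throw new IllegalStateException(alg + " is disabled");
        MessageDigest md = MessageDigest.getInstance(JCA.get(alg));
        return HexFormat.of().formatHex(md.digest(data.getBytes(StandardCharsets.UTF_8)));
    }

    // userhash=true: the username sent on the wire is H(username ":" realm).
    static String userhash(String alg, String user, String realm) throws NoSuchAlgorithmException {
        return h(alg, user + ":" + realm);
    }

    // qop=auth: response = H(H(A1) ":" nonce ":" nc ":" cnonce ":" qop ":" H(A2)).
    static String response(String alg, String user, String realm, String password, String method,
                           String uri, String nonce, String nc, String cnonce) throws NoSuchAlgorithmException {
        String ha1 = h(alg, user + ":" + realm + ":" + password); // A1 uses the cleartext username
        String ha2 = h(alg, method + ":" + uri);
        return h(alg, ha1 + ":" + nonce + ":" + nc + ":" + cnonce + ":auth:" + ha2);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values, not taken from the pull request.
        String user = "alice", realm = "example-realm", nonce = "constructed-nonce", cnonce = "constructed-cnonce";
        for (String alg : new String[] {"SHA-256", "SHA-512-256", "MD5"}) {
            if (!allowed(alg)) { System.out.println(alg + ": refused (not re-enabled)"); continue; }
            System.out.println(alg + " username=" + userhash(alg, user, realm) + " response="
                    + response(alg, user, realm, "constructed-password", "GET", "/index.html", nonce, "00000001", cnonce));
        }
    }
}
```

Running it with `-Dhttp.auth.digest.reEnabledAlgs=MD5` makes the MD5 branch compute a response instead of being refused.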