RFR: 8281561: Disable http DIGEST mechanism with MD5 by default [v3]
Michael McMahon
michaelm at openjdk.java.net
Tue Mar 15 10:27:48 UTC 2022
On Fri, 11 Mar 2022 18:12:27 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:
>> Michael McMahon has updated the pull request incrementally with one additional commit since the last revision:
>>
>> update after second review round
>
> src/java.base/share/classes/sun/net/www/protocol/http/DigestAuthentication.java line 102:
>
>> 100: propPrefix + "reEnabledAlgorithms";
>> 101:
>> 102: private static final Set<String> disabledAlgorithms = new HashSet<>();
>
> It would be much better if this was an immutable set to make it MT-safe. You could set the value in the static block below using Set.copyOf().
The Set is private to the class and is not modified after the static initializer completes. It's not clear to me how using Set.copyOf provides stronger MT-safe guarantees than this.
-------------
PR: https://git.openjdk.java.net/jdk/pull/7688
More information about the net-dev
mailing list