RFR: 8281561: Disable http DIGEST mechanism with MD5 and SHA-1 by default [v8]

Michael McMahon michaelm at openjdk.java.net
Mon Mar 28 08:25:52 UTC 2022


On Fri, 25 Mar 2022 17:21:11 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

>> Michael McMahon has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   forgot update to DigestAuth test
>
> src/java.base/share/classes/sun/net/www/protocol/http/DigestAuthentication.java line 524:
> 
>> 522:         }
>> 523: 
>> 524:         boolean session = algorithm.endsWith ("-sess");
> 
> should that be `digest.endsWith("-sess");` ?

No, the digest field refers to the actual message digest algorithm (as known to the security libraries). The algorithm field holds the algorithm name as it is defined in RFC 7616.

-------------

PR: https://git.openjdk.java.net/jdk/pull/7688
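
The distinction drawn in the reply above, as an added example that is not part of the original message and not the JDK's own code: the RFC 7616 `algorithm` token carries the `-sess` suffix, while the digest name is what `MessageDigest` accepts. The class, record and method names are hypothetical, and the credentials and nonces are constructed sample values.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HexFormat;

public class DigestAlgorithmNames {
    // algorithm: token from the challenge (RFC 7616); digest: JCA MessageDigest name.
    record Parsed(String algorithm, String digest, boolean session) {}

    static Parsed parse(String algorithm) {
        // The session flag is read from the RFC token, not from the JCA name,
        // because JCA names never carry a "-sess" suffix.
        boolean session = algorithm.endsWith("-sess");
        String base = session
                ? algorithm.substring(0, algorithm.length() - "-sess".length())
                : algorithm;
        String digest = switch (base) {
            case "MD5" -> "MD5";
            case "SHA-256" -> "SHA-256";
            case "SHA-512-256" -> "SHA-512/256"; // RFC token and JCA name differ
            default -> throw new IllegalArgumentException("unsupported algorithm: " + algorithm);
        };
        return new Parsed(algorithm, digest, session);
    }

    static String h(String digest, String data) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance(digest);
        return HexFormat.of().formatHex(md.digest(data.getBytes(StandardCharsets.UTF_8)));
    }

    // H(A1) as defined in RFC 7616 section 3.4.2: the "-sess" variants hash
    // H(user:realm:password) together with the server nonce and client nonce.
    static String hashA1(Parsed p, String user, String realm, String password,
                         String nonce, String cnonce) throws NoSuchAlgorithmException {
        String base = h(p.digest(), user + ":" + realm + ":" + password);
        return p.session() ? h(p.digest(), base + ":" + nonce + ":" + cnonce) : base;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs, not taken from any real exchange.
        for (String alg : new String[] {"SHA-256", "SHA-256-sess", "SHA-512-256-sess"}) {
            Parsed p = parse(alg);
            System.out.printf("algorithm=%s digest=%s session=%b H(A1)=%s%n",
                    p.algorithm(), p.digest(), p.session(),
                    hashA1(p, "user", "example-realm", "sample-password",
                           "constructed-nonce", "constructed-cnonce"));
        }
    }
}
```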

