RFR: 8281561: Disable http DIGEST mechanism with MD5 and SHA-1 by default [v8]
Michael McMahon
michaelm at openjdk.java.net
Mon Mar 28 10:33:48 UTC 2022
On Mon, 28 Mar 2022 09:29:58 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:
>> No, the digest field refers to the actual message digest algorithm (as known to the security libraries). The algorithm field holds the algorithm name as it is defined in RFC7616.
>
> I am confused here - because you converted `algorithm` to upper case, so it should never end with `-sess`?
Look at line 478: The `algorithm` field is reset here to be the upper case of the digest name plus the -sess suffix in lower case.
-------------
PR: https://git.openjdk.java.net/jdk/pull/7688
More information about the net-dev
mailing list