RFR: JDK-8015388 : Required algorithms for JDK 9
Sean Mullan
sean.mullan at oracle.com
Tue Sep 15 11:43:23 UTC 2015
On 09/04/2015 08:32 PM, Xuelei Fan wrote:
> Looks fine to me.
One additional change. I have added PKIX as a required algorithm for
TrustManagerFactory. Please review the updated webrev:
http://cr.openjdk.java.net/~mullan/webrevs/8015388/webrev.01/
Thanks,
Sean
>
> Xuelei
>
> On 9/4/2015 11:51 PM, Sean Mullan wrote:
>> The JDK includes a list of required security algorithms that all
>> implementations must support:
>> http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#impl
>>
>>
>> This list is reviewed before each major release to check if new
>> algorithms should be added (or existing algorithms removed).
>>
>> For JDK 9, we are proposing to add several new algorithms and keysizes
>> that are recommended by standards bodies for cryptographic operations
>> and security protocols. Adding these as requirements ensures that Java
>> applications can depend on them to be available on all Java 9
>> implementations. The new requirements are:
>>
>> 1. Signature: SHA256withDSA
>> 2. KeyPairGenerator: DSA (2048), DiffieHellman (2048, 4096), RSA (4096)
>> 3. AlgorithmParameterGenerator: DSA (2048), DiffieHellman (2048, 4096)
>> 4. Cipher: AES/GCM/NoPadding (128), AES/GCM/PKCS5Padding (128)
>> 5. SSLContext: TLSv1.1, TLSv1.2
>>
>> webrev: http://cr.openjdk.java.net/~mullan/webrevs/8015388/webrev.00/
>>
>> Thanks,
>> Sean
>
More information about the security-dev
mailing list