RFR: JDK-8015388 : Required algorithms for JDK 9
Bradford Wetmore
bradford.wetmore at oracle.com
Tue Sep 15 18:23:08 UTC 2015
I just reviewed the new TrustManagerFactory, looks ok to me too.
Brad
On 9/15/2015 4:43 AM, Sean Mullan wrote:
> On 09/04/2015 08:32 PM, Xuelei Fan wrote:
>> Looks fine to me.
>
> One additional change. I have added PKIX as a required algorithm for
> TrustManagerFactory. Please review the updated webrev:
>
> http://cr.openjdk.java.net/~mullan/webrevs/8015388/webrev.01/
>
> Thanks,
> Sean
>
>>
>> Xuelei
>>
>> On 9/4/2015 11:51 PM, Sean Mullan wrote:
>>> The JDK includes a list of required security algorithms that all
>>> implementations must support:
>>> http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#impl
>>>
>>>
>>>
>>> This list is reviewed before each major release to check if new
>>> algorithms should be added (or existing algorithms removed).
>>>
>>> For JDK 9, we are proposing to add several new algorithms and keysizes
>>> that are recommended by standards bodies for cryptographic operations
>>> and security protocols. Adding these as requirements ensures that Java
>>> applications can depend on them to be available on all Java 9
>>> implementations. The new requirements are:
>>>
>>> 1. Signature: SHA256withDSA
>>> 2. KeyPairGenerator: DSA (2048), DiffieHellman (2048, 4096), RSA (4096)
>>> 3. AlgorithmParameterGenerator: DSA (2048), DiffieHellman (2048, 4096)
>>> 4. Cipher: AES/GCM/NoPadding (128), AES/GCM/PKCS5Padding (128)
>>> 5. SSLContext: TLSv1.1, TLSv1.2
>>>
>>> webrev: http://cr.openjdk.java.net/~mullan/webrevs/8015388/webrev.00/
>>>
>>> Thanks,
>>> Sean
>>
More information about the security-dev
mailing list