[13] RFR JDK-8220016 "SunRsaSignEntries were mistakenly added to the SunJSSE provider"
Valerie Peng
valerie.peng at oracle.com
Fri Mar 8 02:15:10 UTC 2019
Do you mean removing the part about SunRsaSignEntries completely? Or
only remove the MD2/MD5withRSA signature algorithms?
Do you know the history of including them in the first place? Since
SunRsaSign provider has been in early JDK releases, I wonder why SunJSSE
provider duplicated these RSA algorithms in the first place? I can file
a CSR, knowing the history/reason would help.
Thanks,
Valerie
On 3/7/2019 5:45 PM, Xuelei Fan wrote:
> Hi Valerie,
>
> As you are already there, I may suggest to remove the old RSA crypto
> algorithms in the SunJSSE providers as well. As may simplify the code
> a little bit, though a CSR is needed for the SunJSSE behavior change.
>
> Thanks,
> Xuelei
>
> On 3/7/2019 4:56 PM, Valerie Peng wrote:
>> Hi Brad,
>>
>> Do you have time to help review the changes for JDK-8220016? Current
>> changes are to register the same list of RSA-related services as
>> these prior to the fix for JDK-7092821. I am not sure what are the
>> old RSA impls for pre-JDK1.4 implementations. Otherwise, I can remove
>> them as well. Please let me know.
>>
>> Bug: https://bugs.openjdk.java.net/browse/JDK-8220016
>>
>> Webrev: http://cr.openjdk.java.net/~valeriep/8220016/webrev.00/
>>
>> Thanks,
>> Valerie
More information about the security-dev
mailing list