RFR [14] 8214483: Remove algorithms that use MD5, DES, or ECB from security requirements
Sean Mullan
sean.mullan at oracle.com
Wed Nov 6 16:27:02 UTC 2019
Please remove this change to remove the Java SE requirements to
implement security algorithms based on DES, MD5, or ECB. It makes sense
to periodically review these requirements and remove algorithms or modes
that are known to be weak and of which usage has declined significantly
and thus compatibility risk is much lower.
Note that we are not removing the actual implementations of these
algorithms from the JDK. This just means that an SE implementation is
not required to support these algorithms.
webrev: https://cr.openjdk.java.net/~mullan/webrevs/8214483/webrev.00/
CSR: https://bugs.openjdk.java.net/browse/JDK-8233607
Thanks,
Sean
More information about the security-dev
mailing list