RFR [14] 8214483: Remove algorithms that use MD5, DES, or ECB from security requirements
Xuelei Fan
xuelei.fan at oracle.com
Wed Nov 6 16:40:18 UTC 2019
Looks good to me.
Xuelei
On 11/6/2019 8:27 AM, Sean Mullan wrote:
> Please remove this change to remove the Java SE requirements to
> implement security algorithms based on DES, MD5, or ECB. It makes sense
> to periodically review these requirements and remove algorithms or modes
> that are known to be weak and of which usage has declined significantly
> and thus compatibility risk is much lower.
>
> Note that we are not removing the actual implementations of these
> algorithms from the JDK. This just means that an SE implementation is
> not required to support these algorithms.
>
> webrev: https://cr.openjdk.java.net/~mullan/webrevs/8214483/webrev.00/
> CSR: https://bugs.openjdk.java.net/browse/JDK-8233607
>
> Thanks,
> Sean
>
More information about the security-dev
mailing list