RFR [14] 8214483: Remove algorithms that use MD5, DES, or ECB from security requirements

Sean Mullan sean.mullan at oracle.com
Wed Nov 6 17:03:40 UTC 2019


On 11/6/19 11:40 AM, Xuelei Fan wrote:
> Looks good to me.

Thanks. Also, someone spotted a typo in my message below:

> 
> Xuelei
> 
> On 11/6/2019 8:27 AM, Sean Mullan wrote:
>> Please remove this change to remove the Java SE requirements to

Should be "Please review ..."

--Sean

>> implement security algorithms based on DES, MD5, or ECB. It makes 
>> sense to periodically review these requirements and remove algorithms 
>> or modes that are known to be weak and of which usage has declined 
>> significantly and thus compatibility risk is much lower.
>>
>> Note that we are not removing the actual implementations of these 
>> algorithms from the JDK. This just means that an SE implementation is 
>> not required to support these algorithms.
>>
>> webrev: https://cr.openjdk.java.net/~mullan/webrevs/8214483/webrev.00/
>> CSR: https://bugs.openjdk.java.net/browse/JDK-8233607
>>
>> Thanks,
>> Sean
>>



More information about the security-dev mailing list