RFR [14] 8214483: Remove algorithms that use MD5, DES, or ECB from security requirements
Sean Mullan
sean.mullan at oracle.com
Wed Nov 6 17:03:40 UTC 2019
On 11/6/19 11:40 AM, Xuelei Fan wrote:
> Looks good to me.
Thanks. Also, someone spotted a typo in my message below:
>
> Xuelei
>
> On 11/6/2019 8:27 AM, Sean Mullan wrote:
>> Please remove this change to remove the Java SE requirements to
Should be "Please review ..."
--Sean
>> implement security algorithms based on DES, MD5, or ECB. It makes
>> sense to periodically review these requirements and remove algorithms
>> or modes that are known to be weak and of which usage has declined
>> significantly and thus compatibility risk is much lower.
>>
>> Note that we are not removing the actual implementations of these
>> algorithms from the JDK. This just means that an SE implementation is
>> not required to support these algorithms.
>>
>> webrev: https://cr.openjdk.java.net/~mullan/webrevs/8214483/webrev.00/
>> CSR: https://bugs.openjdk.java.net/browse/JDK-8233607
>>
>> Thanks,
>> Sean
>>
More information about the security-dev
mailing list