RFR 8153005: Upgrade the default PKCS12 encryption/MAC algorithms

Sean Mullan sean.mullan at oracle.com
Tue Nov 24 16:34:26 UTC 2020


On 11/24/20 11:28 AM, Weijun Wang wrote:
> Is “keystore.pkcs12.*” better? Or, maybe more clear?
> 
>     See the security properties starting with `keystore.pkcs12` in the `java.security` file for detailed information.

"starting with" should be sufficient, I think. No need for the asterisk.

--Sean

> 
> Thanks,
> Max
> 
>> On Nov 24, 2020, at 11:23 AM, Sean Mullan <sean.mullan at oracle.com> wrote:
>>
>> On 11/17/20 4:38 PM, Weijun Wang wrote:
>>>> On Apr 10, 2020, at 5:03 AM, Weijun Wang <weijun.wang at oracle.com> wrote:
>>>>
>>>> Please take a review at
>>>>
>>>>            CSR : 8228481: Upgrade the default PKCS12 encryption/MAC algorithms
>>>>   Release note : https://bugs.openjdk.java.net/browse/JDK-8242069
>>> I forget if the release note has been reviewed before. If not, please take a look.
>>
>> I made a few small wording changes and added "keystore.pkcs12" for the security properties to look for more information.
>>
>> --Sean
>>
>>> Thanks,
>>> Max
>>>>         webrev : http://cr.openjdk.java.net/~weijun/8153005/webrev.00/
>>>>
>>>> The default pkcs12 algorithms are bumped into PBE and HMAC based on SHA-256 and AES-256.
>>>>
>>>> Thanks,
>>>> Max
>>>>
> 


More information about the security-dev mailing list