RFR: 8153005: Upgrade the default PKCS12 encryption/MAC algorithms
Weijun Wang
weijun at openjdk.java.net
Fri Oct 2 19:11:39 UTC 2020
On Fri, 2 Oct 2020 18:44:48 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> Default algorithms are bumped to be based on PBES2 with AES-256 and SHA-256. Please also review the CSR at
>> https://bugs.openjdk.java.net/browse/JDK-8228481.
>
> test/jdk/sun/security/mscapi/VeryLongAlias.java line 51:
>
>> 49: public static void main(String[] args) throws Throwable {
>> 50:
>> 51: // Using the old algorithms to make sure the file is recognized
>
> Do we also want to have a test that uses the new algorithms?
I only know Windows Server 2019 can accept the new algorithms.
> test/lib/jdk/test/lib/security/DerUtils.java line 1:
>
>> 1: /*
>
> Is this test change supposed to be a part of this fix?
Yes, the change simplifies `checkAlg` calls so they don't need to convert `KnownOIDs` or `String` to `ObjectIdentifier`
first.
-------------
PR: https://git.openjdk.java.net/jdk/pull/473
More information about the security-dev
mailing list