RFR: 8153005: Upgrade the default PKCS12 encryption/MAC algorithms

Weijun Wang weijun at openjdk.java.net
Fri Oct 2 19:11:39 UTC 2020


On Fri, 2 Oct 2020 18:44:48 GMT, Sean Mullan <mullan at openjdk.org> wrote:

>> Default algorithms are bumped to be based on PBES2 with AES-256 and SHA-256. Please also review the CSR at
>> https://bugs.openjdk.java.net/browse/JDK-8228481.
>
> test/jdk/sun/security/mscapi/VeryLongAlias.java line 51:
> 
>> 49:     public static void main(String[] args) throws Throwable {
>> 50:
>> 51:         // Using the old algorithms to make sure the file is recognized
> 
> Do we also want to have a test that uses the new algorithms?

I only know Windows Server 2019 can accept the new algorithms.

> test/lib/jdk/test/lib/security/DerUtils.java line 1:
> 
>> 1: /*
> 
> Is this test change supposed to be a part of this fix?

Yes, the change simplifies `checkAlg` calls so they don't need to convert `KnownOIDs` or `String` to `ObjectIdentifier`
first.

-------------

PR: https://git.openjdk.java.net/jdk/pull/473



More information about the security-dev mailing list