RFR: 8153005: Upgrade the default PKCS12 encryption/MAC algorithms

Hai-May Chao hchao at openjdk.java.net
Thu Oct 8 06:50:18 UTC 2020


On Wed, 7 Oct 2020 22:08:19 GMT, Hai-May Chao <hchao at openjdk.org> wrote:

>> Default algorithms are bumped to be based on PBES2 with AES-256 and SHA-256. Please also review the CSR at
>> https://bugs.openjdk.java.net/browse/JDK-8228481.
>
> Looks good. Only minor comments.

CSR looks good. In "Sepcification" section: a typo in 'Thr iteration counts used by'. At the end, it describes the new
system property will override the security properties and use the older and weaker algorithms, so suggest we could also
add text about setting the iteration counts to the default legacy values.

-------------

PR: https://git.openjdk.java.net/jdk/pull/473



More information about the security-dev mailing list