RFR: 8153005: Upgrade the default PKCS12 encryption/MAC algorithms [v2]
Weijun Wang
weijun at openjdk.java.net
Thu Oct 8 14:23:57 UTC 2020
On Wed, 7 Oct 2020 22:49:09 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> CSR looks good. In "Sepcification" section: a typo in 'Thr iteration counts used by'. At the end, it describes the new
>> system property will override the security properties and use the older and weaker algorithms, so suggest we could also
>> add text about setting the iteration counts to the default legacy values.
>
> CSR updated. More description, and iteration counts lowered to 10000. Will update code soon.
New commit updating ic to 10000. I also created separate constants for DEFAULT_CERT_PBE_ITERATION_COUNT and
DEFAULT_KEY_PBE_ITERATION_COUNT. I haven't made the change for LEGACY_PBE_ITERATION_COUNT since they will never change.
-------------
PR: https://git.openjdk.java.net/jdk/pull/473
More information about the security-dev
mailing list