RFR: 8153005: Upgrade the default PKCS12 encryption/MAC algorithms [v2]

Weijun Wang weijun at openjdk.java.net
Fri Oct 9 00:07:21 UTC 2020


On Thu, 8 Oct 2020 16:34:59 GMT, Sean Mullan <mullan at openjdk.org> wrote:

>> New commit updating ic to 10000. I also created separate constants for DEFAULT_CERT_PBE_ITERATION_COUNT and
>> DEFAULT_KEY_PBE_ITERATION_COUNT. I haven't made the change for LEGACY_PBE_ITERATION_COUNT since they will never change.
>
> Are you still planning, or is it possible to add a test for Windows 2019? Also, have you considered adding a test that
> checks if the JDK can read OpenSSL PKCS#12 files and vice versa? Maybe we can do that later as a follow-on issue.
> Otherwise, I will approve.

I tried but cannot find a way to tell if a system is Windows Server 2016 or 2019. Their os.version is all 10.0. I've
filed an enhancement for it. That said, I did try running the test using new algorithms and it succeeds.

-------------

PR: https://git.openjdk.java.net/jdk/pull/473



More information about the security-dev mailing list