RFR: 8259709: Disable SHA-1 XML Signatures

Sean Mullan mullan at openjdk.java.net
Mon Feb 8 22:00:57 UTC 2021


Please review this change to disable XML signatures that use SHA-1 based digest or signature algorithms. SHA-1 is weak and is not a recommended algorithm for digital signatures. This will improve out of the box security by restricting XML signatures that use SHA-1 algorithms.

CSR: https://bugs.openjdk.java.net/browse/JDK-8261246
Release Note: https://bugs.openjdk.java.net/browse/JDK-8261364

-------------

Commit messages:
 - Remove extra whitespace.
 - Merge
 - Initial revision.

Changes: https://git.openjdk.java.net/jdk/pull/2463/files
 Webrev: https://webrevs.openjdk.java.net/?repo=jdk&pr=2463&range=00
  Issue: https://bugs.openjdk.java.net/browse/JDK-8259709
  Stats: 55 lines in 5 files changed: 50 ins; 0 del; 5 mod
  Patch: https://git.openjdk.java.net/jdk/pull/2463.diff
  Fetch: git fetch https://git.openjdk.java.net/jdk pull/2463/head:pull/2463

PR: https://git.openjdk.java.net/jdk/pull/2463



More information about the security-dev mailing list