RFR: 8259709: Disable SHA-1 XML Signatures

Weijun Wang weijun at openjdk.java.net
Fri Feb 19 22:39:48 UTC 2021


On Tue, 9 Feb 2021 21:04:00 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> Please review this change to disable XML signatures that use SHA-1 based digest or signature algorithms. SHA-1 is weak and is not a recommended algorithm for digital signatures. This will improve out of the box security by restricting XML signatures that use SHA-1 algorithms.
>> 
>> CSR: https://bugs.openjdk.java.net/browse/JDK-8261246
>> Release Note: https://bugs.openjdk.java.net/browse/JDK-8261364
>
> Change looks good.

All test changes are about re-enable disabled algorithms. Do we have a test on ensuring disabled algorithms are indeed disabled?

-------------

PR: https://git.openjdk.java.net/jdk/pull/2463



More information about the security-dev mailing list