RFR: 8259709: Disable SHA-1 XML Signatures

Weijun Wang weijun at openjdk.java.net
Mon Feb 22 03:45:44 UTC 2021


On Mon, 8 Feb 2021 20:46:41 GMT, Sean Mullan <mullan at openjdk.org> wrote:

> Please review this change to disable XML signatures that use SHA-1 based digest or signature algorithms. SHA-1 is weak and is not a recommended algorithm for digital signatures. This will improve out of the box security by restricting XML signatures that use SHA-1 algorithms.
> 
> CSR: https://bugs.openjdk.java.net/browse/JDK-8261246
> Release Note: https://bugs.openjdk.java.net/browse/JDK-8261364

test/lib/jdk/test/lib/security/SecurityUtils.java line 78:

> 76:      * part of the algorithm URI.
> 77:      */
> 78:     public static void removeAlgsFromDSigPolicy(List<String> algs) {

How about using `String... algs` as arguments?

-------------

PR: https://git.openjdk.java.net/jdk/pull/2463


More information about the security-dev mailing list