RFR: 8259709: Disable SHA-1 XML Signatures
Sean Mullan
mullan at openjdk.java.net
Wed Feb 24 22:00:40 UTC 2021
On Mon, 22 Feb 2021 03:42:23 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Please review this change to disable XML signatures that use SHA-1 based digest or signature algorithms. SHA-1 is weak and is not a recommended algorithm for digital signatures. This will improve out of the box security by restricting XML signatures that use SHA-1 algorithms.
>>
>> CSR: https://bugs.openjdk.java.net/browse/JDK-8261246
>> Release Note: https://bugs.openjdk.java.net/browse/JDK-8261364
>
> test/lib/jdk/test/lib/security/SecurityUtils.java line 78:
>
>> 76: * part of the algorithm URI.
>> 77: */
>> 78: public static void removeAlgsFromDSigPolicy(List<String> algs) {
>
> How about using `String... algs` as arguments?
Yes, that is nicer.
-------------
PR: https://git.openjdk.java.net/jdk/pull/2463
More information about the security-dev
mailing list