RFR: 8259709: Disable SHA-1 XML Signatures [v2]

Sean Mullan mullan at openjdk.java.net
Thu Mar 4 13:38:55 UTC 2021


> Please review this change to disable XML signatures that use SHA-1 based digest or signature algorithms. SHA-1 is weak and is not a recommended algorithm for digital signatures. This will improve out of the box security by restricting XML signatures that use SHA-1 algorithms.
> 
> CSR: https://bugs.openjdk.java.net/browse/JDK-8261246
> Release Note: https://bugs.openjdk.java.net/browse/JDK-8261364

Sean Mullan has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains five additional commits since the last revision:

 - Change SecurityUtils.removeAlgsFromDSigPolicy to use varargs and not List.
 - Merge
 - Remove extra whitespace.
 - Merge
 - Initial revision.

-------------

Changes:
  - all: https://git.openjdk.java.net/jdk/pull/2463/files
  - new: https://git.openjdk.java.net/jdk/pull/2463/files/fd586fc7..5bd90b80

Webrevs:
 - full: https://webrevs.openjdk.java.net/?repo=jdk&pr=2463&range=01
 - incr: https://webrevs.openjdk.java.net/?repo=jdk&pr=2463&range=00-01

  Stats: 2899 lines in 117 files changed: 1781 ins; 666 del; 452 mod
  Patch: https://git.openjdk.java.net/jdk/pull/2463.diff
  Fetch: git fetch https://git.openjdk.java.net/jdk pull/2463/head:pull/2463

PR: https://git.openjdk.java.net/jdk/pull/2463


