[11u] RFR: 8267599: Revert the change to the default PKCS12 macAlgorithm and macIterationCount props for 11u/8u/7u
Seán Coffey
sean.coffey at oracle.com
Fri May 28 13:40:45 UTC 2021
Martin,
you seem to be suggesting a full revert of the JDK-8153005 changes. Note
that the Oracle JDK changes only relate to to the default PKCS12
macAlgorithm and macIterationCount (back to HmacPBESHA1 and 100000
respectively). While there are other interoperability concerns with the
keystore.pkcs12.certProtectionAlgorithm and
keystore.pkcs12.keyProtectionAlgorithm values [1], they relate to JDK
8u/7u where PKCS12 is not the default keystore type.
regards,
Sean.
[1] https://bugs.openjdk.java.net/browse/JDK-8267837
On 28/05/2021 13:52, Doerr, Martin wrote:
> Hi,
>
> Oracle has reverted the changes from JDK-8153005 backport in 11.0.12-oracle for interoperability reasons. See:
> https://bugs.openjdk.java.net/browse/JDK-8267599
> and CSR:
> https://bugs.openjdk.java.net/browse/JDK-8267701
>
> I had to adapt the small test addition from JDK-8266293 (see "// 8266293" comment in ParamsPreferences.java):
> http://cr.openjdk.java.net/~mdoerr/8267599_revert_8153005_11u/webrev.00/
>
> Please review.
> Comments?
>
> Best regards,
> Martin
>
More information about the security-dev
mailing list