RFR: 8255552: Add DES/3DES/MD5 to jdk.security.legacyAlgorithms [v2]
Hai-May Chao
hchao at openjdk.java.net
Fri Apr 29 03:14:58 UTC 2022
On Thu, 28 Apr 2022 13:25:13 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> Hai-May Chao has updated the pull request incrementally with one additional commit since the last revision:
>>
>> SecretKeyConstraintsParameters subclass created and property description updated
>
> src/java.base/share/conf/security/java.security line 641:
>
>> 639:
>> 640: #
>> 641: # Legacy cryptographic algorithms and key lengths
>
> Nit: add period at end of sentence.
Ok.
> test/jdk/sun/security/tools/keytool/ReadJar.java line 26:
>
>> 24: /**
>> 25: * @test
>> 26: * @bug 6890872 8168882 8257722 8255552
>
> Here we are just updating the warning message, so I don't think the bugid needs to be added.
Ok.
> test/jdk/sun/security/tools/keytool/ReadJar.java line 162:
>
>> 160: .shouldContain("Certificate #2:")
>> 161: .shouldContain("Signer #2:")
>> 162: .shouldNotMatch("The certificate #.* of signer #.*" + "uses the SHA1withRSA.*will be disabled")
>
> You probably don't need to check for a non-occurrence here since the message has been changed and can no longer occur. I also think it doesn't need to list the bugid because it is not testing the main fix which is warnings on symmetric key algs.
In webrev 01, I’ve made the change to remove the checking for a non-occurrence. I added the bugid as the test verifies the warning message for asymmetric keys and certificates, which is changed In this PR. I'll remove the bugid as it is not testing the main fix.
-------------
PR: https://git.openjdk.java.net/jdk/pull/8300
More information about the security-dev
mailing list