RFR: 8255552: Add DES/3DES/MD5 to jdk.security.legacyAlgorithms [v4]
Hai-May Chao
hchao at openjdk.java.net
Fri Apr 29 19:42:27 UTC 2022
On Fri, 29 Apr 2022 19:18:06 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> Hai-May Chao has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Removed RC2 changes
>
> src/java.base/share/conf/security/java.security line 644:
>
>> 642: #
>> 643: # In some environments, a certain algorithm or key length may be undesirable
>> 644: # but is not yet disabled.
>
> I would also remove the words "but is not yet disabled." An algorithm may be disabled at different times for different components, such as TLS or Kerberos, so it isn't always a yes or no answer. Also, if a disabled algorithm is re-enabled (by modifying the security properties), we still want `keytool` or `jarsigner` to show warnings.
Good point. Updated the java.security file and the CSR.
-------------
PR: https://git.openjdk.java.net/jdk/pull/8300
More information about the security-dev
mailing list