RFR: 8286090: Add RC2/RC4 to jdk.security.legacyAlgorithms
Sean Mullan
mullan at openjdk.java.net
Mon May 16 17:20:43 UTC 2022
On Mon, 16 May 2022 12:59:09 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> Please review the small change to add RC2 and ARCFOUR to jdk.security.legacyAlgorithms. So it enables keytool -genseckey, -list, and -importkeystore commands to warn users when RC2 or ARCFOUR algorithm is used.
>
> test/jdk/sun/security/tools/keytool/WeakSecretKeyTest.java line 67:
>
>> 65:
>> 66: SecurityTools.keytool("-keystore ks.p12 -storepass changeit " +
>> 67: "-genseckey -keyalg RC4 -alias rc4key -keysize 1024")
>
> `-keysize` should be 128.
Oops, I stand corrected. 1024 is a valid RC4 key size.
-------------
PR: https://git.openjdk.java.net/jdk/pull/8712
More information about the security-dev
mailing list