RFR: 8244336: Restrict algorithms at JCE layer [v4]
Valerie Peng
valeriep at openjdk.org
Wed Aug 6 04:53:05 UTC 2025
On Tue, 5 Aug 2025 19:59:35 GMT, Artur Barashev <abarashev at openjdk.org> wrote:
>> Valerie Peng has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Added support for overriding the security property with a system
>> property using the same property name.
>
> src/java.base/share/conf/security/java.security line 793:
>
>> 791: #
>> 792: # Service: (one of the following, more service may be added later)
>> 793: # Cipher | KeyStore | MessageDigest | Signature
>
> Should we consider matching all services if service name is missing (make service name optional)?
Missing service should be treated as error. If we want to match all services, it is better represented as "*". This may be considered for future enhancement if there is a demand.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/26377#discussion_r2255856087
More information about the security-dev
mailing list