RFR: 8244336: Restrict algorithms at JCE layer [v2]
Valerie Peng
valeriep at openjdk.org
Thu Aug 7 19:56:19 UTC 2025
On Wed, 6 Aug 2025 03:04:27 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
>> src/java.base/share/conf/security/java.security line 801:
>>
>>> 799: # its algorithm is the transformation string.
>>> 800: #
>>> 801: # Note: Entries with unsupported services will be ignored
>>
>> Suggest: Services with unrecognized or unsupported algorithms will be ignored.
>
> Per the discussion regarding the throwing `IllegalArgumentException` for invalid entries, I will change this to
>
> # Note: IllegalArgumentException will be thrown if the property value contains
> # entries with invalid syntax or unsupported services.
Hmm, after adding the regression test, I updated the wording further to:
# Note: If the property value contains entries with invalid syntax or
# unsupported services at the time of checking, an ExceptionInInitializerError
# with a cause of IllegalArgumentException will be thrown.
as this matches better with what the caller observes.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/26377#discussion_r2261276455
More information about the security-dev
mailing list