RFR: 8244336: Restrict algorithms at JCE layer [v9]

Artur Barashev abarashev at openjdk.org
Thu Aug 21 13:25:59 UTC 2025


On Mon, 18 Aug 2025 18:40:19 GMT, Artur Barashev <abarashev at openjdk.org> wrote:

>> Valerie Peng has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   Address review comments from Tony and Artur.
>
> src/java.base/share/classes/sun/security/util/CryptoAlgorithmConstraints.java line 77:
> 
>> 75:      * Initialize algorithm constraints with the specified security property
>> 76:      * {@code propertyName}. Note that if a system property of the same name
>> 77:      * is set, it overrides the security property.
> 
> We allow a system property to override `jdk.crypto.disabledAlgorithms` security property but not other `*.disabledAlgorithms` security properties. That's an inconsistent experience. Any particular reason we need this functionality for `jdk.crypto.disabledAlgorithms`? Are we going to document it in JSSE guide?

Explanation provided out of band.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/26377#discussion_r2291054516


More information about the security-dev mailing list