RFR: 8244336: Restrict algorithms at JCE layer [v9]
Artur Barashev
abarashev at openjdk.org
Thu Aug 21 13:25:59 UTC 2025
On Mon, 18 Aug 2025 18:40:19 GMT, Artur Barashev <abarashev at openjdk.org> wrote:
>> Valerie Peng has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Address review comments from Tony and Artur.
>
> src/java.base/share/classes/sun/security/util/CryptoAlgorithmConstraints.java line 77:
>
>> 75: * Initialize algorithm constraints with the specified security property
>> 76: * {@code propertyName}. Note that if a system property of the same name
>> 77: * is set, it overrides the security property.
>
> We allow a system property to override `jdk.crypto.disabledAlgorithms` security property but not other `*.disabledAlgorithms` security properties. That's an inconsistent experience. Any particular reason we need this functionality for `jdk.crypto.disabledAlgorithms`? Are we going to document it in JSSE guide?
Explanation provided out of band.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/26377#discussion_r2291054516
More information about the security-dev
mailing list