RFR: 8244336: Restrict algorithms at JCE layer [v9]
Valerie Peng
valeriep at openjdk.org
Thu Aug 21 22:04:00 UTC 2025
On Thu, 21 Aug 2025 13:23:12 GMT, Artur Barashev <abarashev at openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/util/CryptoAlgorithmConstraints.java line 77:
>>
>>> 75: * Initialize algorithm constraints with the specified security property
>>> 76: * {@code propertyName}. Note that if a system property of the same name
>>> 77: * is set, it overrides the security property.
>>
>> We allow a system property to override the `jdk.crypto.disabledAlgorithms` security property but not other `*.disabledAlgorithms` security properties. That's an inconsistent experience. Any particular reason we need this functionality for `jdk.crypto.disabledAlgorithms`? Are we going to document it in the JSSE guide?
>
> Explanation provided out of band.
Yes, the system property override support is on a case-by-case basis depending on need.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/26377#discussion_r2292224768