RFR: 8244336: Restrict algorithms at JCE layer [v9]
Valerie Peng
valeriep at openjdk.org
Wed Sep 3 20:42:47 UTC 2025
On Wed, 3 Sep 2025 19:58:33 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> Valerie Peng has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Address review comments from Tony and Artur.
>
> src/java.base/share/conf/security/java.security line 810:
>
>> 808: # Note: The restriction is applied in the various getInstance(...) methods
>> 809: # of the supported Service classes, i.e. Cipher, KeyStore, MessageDigest,
>> 810: # and Signature.
>
> I think it would be useful to add an additional sentence: "A NoSuchAlgorithmException will be thrown if the algorithm is disabled."
Well, it's not necessarily NSAE, e.g. `java.security.KeyStore` class throws `KeyStoreException`. Maybe just state "An exception will be thrown if the algorithm is disabled"?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/26377#discussion_r2320138416
More information about the security-dev
mailing list