RFR: 8244336: Restrict algorithms at JCE layer [v9]

Valerie Peng valeriep at openjdk.org
Wed Sep 3 20:42:47 UTC 2025


On Wed, 3 Sep 2025 19:58:33 GMT, Sean Mullan <mullan at openjdk.org> wrote:

>> Valerie Peng has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   Address review comments from Tony and Artur.
>
> src/java.base/share/conf/security/java.security line 810:
> 
>> 808: # Note: The restriction is applied in the various getInstance(...) methods
>> 809: # of the supported Service classes, i.e. Cipher, KeyStore, MessageDigest,
>> 810: # and Signature.
> 
> I think it would be useful to add an additional sentence: "A NoSuchAlgorithmException will be thrown if the algorithm is disabled."

Well, it's not necessarily NSAE, e.g. `java.security.KeyStore` class throws `KeyStoreException`. Maybe just state "An exception will be thrown if the algorithm is disabled"?

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/26377#discussion_r2320138416


More information about the security-dev mailing list