RFR: 8343232: PKCS#12 KeyStore support for RFC 9579: Use of Password-Based Message Authentication Code 1 (PBMAC1) [v3]
Sean Mullan
mullan at openjdk.org
Thu Sep 18 18:00:54 UTC 2025
On Thu, 18 Sep 2025 16:24:23 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> I found one and maybe two existing tests that will have to be modified if "PBEWithHmacSHA256" becomes the default.
>
> I thought we will keep the default unchanged this time.
Yes, I take back my earlier comment. I think it is better to keep the same default for now (HmacPBESHA256), and then target changing the default to "PBEWithHmacSHA256" in JDK 27. This allows users to try out the new algorithm in JDK 26 before we switch to it.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2360541359
More information about the security-dev
mailing list