Hi,

Could I get the following change reviewed please, which is to disable the MD5 
message digest algorithm by default in the HTTP Digest authentication 
mechanism? The algorithm can be opted into by setting a new system property 
"http.auth.digest.enabledDigestAlgs" to include the value MD5. The change also 
updates the Digest authentication implementation to use some of the more secure 
features defined in RFC7616, such as username hashing and additional digest 
algorithms like SHA256 and SHA512-256.

- Michael

-------------

Commit messages:
 - fix whitespace
 - update property name. add documentation
 - fixed one more test
 - fixed up existing tests using digest auth
 - Merge branch 'master' into md5
 - added userhash support plus test
 - fixed problem in copyright header
 - added test
 - Merge branch 'master' into md5
 - update
 - ... and 1 more: https://git.openjdk.java.net/jdk/compare/b6c35ae4...f0fb72de

Changes: https://git.openjdk.java.net/jdk/pull/7688/files
 Webrev: https://webrevs.openjdk.java.net/?repo=jdk&pr=7688&range=00
  Issue: https://bugs.openjdk.java.net/browse/JDK-8281561
  Stats: 302 lines in 11 files changed: 247 ins; 3 del; 52 mod
  Patch: https://git.openjdk.java.net/jdk/pull/7688.diff
  Fetch: git fetch https://git.openjdk.java.net/jdk pull/7688/head:pull/7688

PR: https://git.openjdk.java.net/jdk/pull/7688
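
The RFC 7616 features this change mentions (username hashing and the SHA-256 / SHA-512-256 algorithms), shown as an added Java example that is not part of the original e-mail or of the JDK patch. The class name, the allow-list map, and the sample credentials and nonces are constructed for illustration; UTF-8 encoding and `qop=auth` are assumed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HexFormat;
import java.util.Map;

public class Rfc7616DigestExample {
    // RFC 7616 algorithm tokens mapped to JCA MessageDigest names.
    // MD5 is deliberately absent, modelling a default-off policy
    // (hypothetical allow-list, not the JDK's own data structure).
    static final Map<String, String> ENABLED = Map.of(
            "SHA-256", "SHA-256",
            "SHA-512-256", "SHA-512/256");

    // H(data): lowercase hex digest; refuses algorithms that are not enabled.
    static String h(String alg, String data) throws NoSuchAlgorithmException {
        String jca = ENABLED.get(alg);
        if (jca == null)
            throw new NoSuchAlgorithmException("digest algorithm not enabled: " + alg);
        byte[] d = MessageDigest.getInstance(jca)
                .digest(data.getBytes(StandardCharsets.UTF_8)); // UTF-8 assumed
        return HexFormat.of().formatHex(d);
    }

    // Value sent in the username field when the server offers userhash=true.
    static String userhash(String alg, String user, String realm)
            throws NoSuchAlgorithmException {
        return h(alg, user + ":" + realm);
    }

    // Digest response for qop=auth. A1 uses the real username, never the userhash.
    static String response(String alg, String user, String realm, String pw, String method,
            String uri, String nonce, String nc, String cnonce) throws NoSuchAlgorithmException {
        String ha1 = h(alg, user + ":" + realm + ":" + pw);
        String ha2 = h(alg, method + ":" + uri);
        return h(alg, ha1 + ":" + nonce + ":" + nc + ":" + cnonce + ":auth:" + ha2);
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from the page.
        String user = "alice", realm = "example-realm", pw = "correct horse";
        for (String alg : new String[] {"SHA-256", "SHA-512-256", "MD5"}) {
            try {
                System.out.println(alg + " userhash=" + userhash(alg, user, realm));
                System.out.println(alg + " response=" + response(alg, user, realm, pw,
                        "GET", "/index.html", "sample-nonce", "00000001", "sample-cnonce"));
            } catch (NoSuchAlgorithmException e) {
                System.out.println(alg + " rejected: " + e.getMessage());
            }
        }
    }
}
```

Note that the RFC token `SHA-512-256` corresponds to the JCA algorithm name `SHA-512/256`, so a client has to translate between the two when reading the `algorithm` parameter of a challenge.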
