On Fri, 25 Mar 2022 15:07:40 GMT, Michael McMahon <[email protected]> wrote:
>> Hi,
>>
>> Could I get the following change reviewed please, which is to disable the
>> MD5 message digest algorithm by default in the HTTP Digest authentication
>> mechanism? The algorithm can be opted into by setting a new system property
>> "http.auth.digest.reEnabledAlgs" to include the value MD5. The change also
>> updates the Digest authentication implementation to use some of the more
>> secure features defined in RFC7616, such as username hashing and additional
>> digest algorithms like SHA256 and SHA512-256.
>>
>> - Michael
>
> Michael McMahon has updated the pull request incrementally with one
> additional commit since the last revision:
>
> forgot update to DigestAuth test
src/java.base/share/classes/sun/net/www/protocol/http/DigestAuthentication.java
line 524:
> 522: }
> 523:
> 524: boolean session = algorithm.endsWith ("-sess");
should that be `digest.endsWith("-sess");` ?
-------------
PR: https://git.openjdk.java.net/jdk/pull/7688
