On Fri, 4 Mar 2022 09:37:21 GMT, Michael McMahon <micha...@openjdk.org> wrote:
> Hi, > > Could I get the following change reviewed please, which is to disable the MD5 > message digest algorithm by default in the HTTP Digest authentication > mechanism? The algorithm can be opted into by setting a new system property > "http.auth.digest.reEnabledAlgs" to include the value MD5. The change also > updates the Digest authentication implementation to use some of the more > secure features defined in RFC7616, such as username hashing and additional > digest algorithms like SHA256 and SHA512-256. > > - Michael This pull request has now been integrated. Changeset: 7f2a3ca2 Author: Michael McMahon <micha...@openjdk.org> URL: https://git.openjdk.java.net/jdk/commit/7f2a3ca289ae14bec1af24d0a51e98ba697ce9c1 Stats: 585 lines in 14 files changed: 490 ins; 14 del; 81 mod 8281561: Disable http DIGEST mechanism with MD5 and SHA-1 by default Reviewed-by: weijun, dfuchs ------------- PR: https://git.openjdk.java.net/jdk/pull/7688