> Periodically, we review the security algorithm requirements to see if new > algorithms should be added or existing ones should be removed. The > requirements are intended to improve interoperability across different SE > implementations by requiring a set of commonly used algorithms. The > algorithms are not always based on the strength of the algorithm; the > requirements are also based on how common the algorithms are, so some weaker > algorithms are still on the list in order to support legacy use cases. > > Add TLSv1.3 to the list of requirements. TLSv1.3 is the most secure protocol > version and is in wide use. Add all cryptographic algorithms that are needed > to implement the TLSv1.3 cipher suites and signature mechanisms defined by > https://www.rfc-editor.org/rfc/rfc8446 as MUST or SHOULD requirements. Also > add algorithms that are required by CNSA 1.0, which was added in JDK 19: > https://bugs.openjdk.org/browse/JDK-8267319. > > No required algorithms or protocols are being removed at this time. > > See the CSR for the complete list of new requirements: > https://bugs.openjdk.org/browse/JDK-8346684
Sean Mullan has updated the pull request incrementally with one additional commit since the last revision: Fix typo in Cipher ChaCha20 requirement, and remove "curve" word from Signature requirements. ------------- Changes: - all: https://git.openjdk.org/jdk/pull/22904/files - new: https://git.openjdk.org/jdk/pull/22904/files/b622c996..b5089617 Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=22904&range=02 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=22904&range=01-02 Stats: 3 lines in 2 files changed: 0 ins; 0 del; 3 mod Patch: https://git.openjdk.org/jdk/pull/22904.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/22904/head:pull/22904 PR: https://git.openjdk.org/jdk/pull/22904
