On Thu, 9 Jan 2025 14:31:53 GMT, Sean Mullan <mul...@openjdk.org> wrote:
>> Periodically, we review the security algorithm requirements to see if new >> algorithms should be added or existing ones should be removed. The >> requirements are intended to improve interoperability across different SE >> implementations by requiring a set of commonly used algorithms. The >> algorithms are not always based on the strength of the algorithm; the >> requirements are also based on how common the algorithms are, so some weaker >> algorithms are still on the list in order to support legacy use cases. >> >> Add TLSv1.3 to the list of requirements. TLSv1.3 is the most secure protocol >> version and is in wide use. Add all cryptographic algorithms that are needed >> to implement the TLSv1.3 cipher suites and signature mechanisms defined by >> https://www.rfc-editor.org/rfc/rfc8446 as MUST or SHOULD requirements. Also >> add algorithms that are required by CNSA 1.0, which was added in JDK 19: >> https://bugs.openjdk.org/browse/JDK-8267319. >> >> No required algorithms or protocols are being removed at this time. >> >> See the CSR for the complete list of new requirements: >> https://bugs.openjdk.org/browse/JDK-8346684 > > Sean Mullan has updated the pull request incrementally with one additional > commit since the last revision: > > Fix typo in Cipher ChaCha20 requirement, and remove "curve" word from > Signature requirements. Updates look good. ------------- Marked as reviewed by jnimeh (Reviewer). PR Review: https://git.openjdk.org/jdk/pull/22904#pullrequestreview-2540296793
