On Thu, 2 Jan 2025 14:41:48 GMT, Sean Mullan <mul...@openjdk.org> wrote:
> Periodically, we review the security algorithm requirements to see if new > algorithms should be added or existing ones should be removed. The > requirements are intended to improve interoperability across different SE > implementations by requiring a set of commonly used algorithms. The > algorithms are not always based on the strength of the algorithm; the > requirements are also based on how common the algorithms are, so some weaker > algorithms are still on the list in order to support legacy use cases. > > Add TLSv1.3 to the list of requirements. TLSv1.3 is the most secure protocol > version and is in wide use. Add all cryptographic algorithms that are needed > to implement the TLSv1.3 cipher suites and signature mechanisms defined by > https://www.rfc-editor.org/rfc/rfc8446 as MUST or SHOULD requirements. Also > add algorithms that are required by CNSA 1.0, which was added in JDK 19: > https://bugs.openjdk.org/browse/JDK-8267319. > > No required algorithms or protocols are being removed at this time. > > See the CSR for the complete list of new requirements: > https://bugs.openjdk.org/browse/JDK-8346684 This pull request has now been integrated. Changeset: 3bfa9521 Author: Sean Mullan <mul...@openjdk.org> URL: https://git.openjdk.org/jdk/commit/3bfa9521d5b7e702e842fe1297dbb2ed643f0b0a Stats: 43 lines in 9 files changed: 29 ins; 0 del; 14 mod 8283795: Add TLSv1.3 and CNSA 1.0 algorithms to implementation requirements Reviewed-by: jnimeh ------------- PR: https://git.openjdk.org/jdk/pull/22904
