Re: RFR 8212867: Link to DRBG test vectors is redirected to a broken link

2018-10-23 Thread Weijun Wang
I'd like to refine the patch a little to diff --git a/src/java.base/share/classes/java/security/DrbgParameters.java b/src/java.base/share/classes/java/security/DrbgParameters.java --- a/src/java.base/share/classes/java/security/DrbgParameters.java +++ b/src/java.base/share/classes/java/security/D

RFR 8212867: Link to DRBG test vectors is redirected to a broken link

2018-10-23 Thread Weijun Wang
Please take a review at the fix below: diff --git a/src/java.base/share/classes/java/security/DrbgParameters.java b/src/java.base/share/classes/java/security/DrbgParameters.java --- a/src/java.base/share/classes/java/security/DrbgParameters.java +++ b/src/java.base/share/classes/java/security/Drb

Re: RFR 6913047: SunPKCS11 memory leak

2018-10-23 Thread Valerie Peng
Hi Martin, Please find my reply below: On 10/18/2018 9:26 AM, Martin Balao wrote: Hi Valerie, Thanks for your feedback. I suggest to keep only one hierarchy of webrevs, so I'll continue in Webrev.12 using your Webrev.02 as a base. Sure, I agree and prefer to use your hierarchy for the sake o

Re: SSLSession#getPeerCertificates and resumed TLSv1.3 sessions

2018-10-23 Thread Jamil Nimeh
Hello Oleg, Thanks for bringing this to our attention.  I've filed JDK-8212885 to track this issue.  I haven't played around with my test code to look for alternative ways to get at the peer cert chain, but I can try a few things.  I have one idea but it is completely a shot from the hip since

Re: RFR [12]: 8211883: Disable anon and NULL cipher suites

2018-10-23 Thread Jamil Nimeh
Looks good to me. --Jamil On 10/23/18 12:38 PM, Sean Mullan wrote: Please review this change to add the TLS anonymous and NULL cipher suites to the "jdk.tls.disabledAlgorithms" security property. These suites are used rarely and have security weaknesses. Anonymous suites are vulnerable to ma

RFR [12]: 8211883: Disable anon and NULL cipher suites

2018-10-23 Thread Sean Mullan
Please review this change to add the TLS anonymous and NULL cipher suites to the "jdk.tls.disabledAlgorithms" security property. These suites are used rarely and have security weaknesses. Anonymous suites are vulnerable to man-in-the-middle attacks. NULL suites do not provide confidentiality.

Re: Hashing in Java and Java Cryptography Architecture (JCA) design

2018-10-23 Thread Thomas Lußnig
Hi, even if it looks complicated for you the idea is that your code is not hard wired to MD5 or SHA1 but in ideal case it is configured. Then you do not know in advance if the selected digest is available. On the other hand no one says that you can create your own helper/tools class. The idea i

Hashing in Java and Java Cryptography Architecture (JCA) design

2018-10-23 Thread John Newman
This seems to me overly complicated for a simple task of instantiating a MessageDigest object: MessageDigest md = null; try { md = MessageDigest.getInstance("SHA-1"); } catch (NoSuchAlgorithmException nsae) {} Couldn't MessageDigest simply be an *interface* and the SHA functionality a special