Re: [13] RFR 8226719: Kerberos login to Windows 2000 failed with "Inappropriate type of checksum in message"

2019-07-02 Thread Weijun Wang
> On Jul 3, 2019, at 11:28 AM, Xuelei Fan wrote:
>
> To make it clearer, I would like to have a brief comment about the unkeyed
> checksum checking as you cited of section 6.1 of RFC 3961, probably in
> Checksum.verifyAnyChecksum() or/and CksumType.verifyChecksum().
>
> Checksum.verifyAnyCh

Re: [13] RFR 8226719: Kerberos login to Windows 2000 failed with "Inappropriate type of checksum in message"

2019-07-02 Thread Xuelei Fan
To make it clearer, I would like to have a brief comment about the unkeyed checksum checking as you cited of section 6.1 of RFC 3961, probably in Checksum.verifyAnyChecksum() or/and CksumType.verifyChecksum().

Checksum.verifyAnyChecksum():
191 if (!cksumEngine.isSafe())
192     throw new K

Re: RFR[13] JDK-8225745: NoSuchAlgorithmException exception for SHA256withECDSA with RSASSA-PSS support

2019-07-02 Thread Weijun Wang
368 private static boolean isCompatible(ECParameterSpec sigParams,
369         ECParameterSpec keyParams) {
370     if (sigParams == null) {
371         // no restriction on key param
372         return true;
373     }
374     return sigParams.equals(keyParams);

RFR[13] JDK-8225745: NoSuchAlgorithmException exception for SHA256withECDSA with RSASSA-PSS support

2019-07-02 Thread Valerie Peng
Hi, Can anyone help review this fix? Some ECDSA certificates contain signature algorithm identifiers with non-null parameter bytes. Before RSASSA-PSS support, these parameter bytes were ignored; however, after RSASSA-PSS support, the parameter bytes are passed to the underlying signature i

Re: [13] RFR 8227059: sun/security/tools/keytool/DefaultSignatureAlgorithm.java timed out

2019-07-02 Thread Weijun Wang
Updated at https://cr.openjdk.java.net/~weijun/8227059/webrev.01. EC added.

--Max

> On Jul 2, 2019, at 11:04 PM, Weijun Wang wrote:
>
> Please take a review at
>
> http://cr.openjdk.java.net/~weijun/8227059/webrev.00/
>
> A fake DSA key pair generator with hardcoded keys. I haven't modified

Re: [13] RFR 8226719: Kerberos login to Windows 2000 failed with "Inappropriate type of checksum in message"

2019-07-02 Thread Weijun Wang
More justification from https://tools.ietf.org/html/rfc3961#section-6.1:

6.1. Unkeyed Checksums

These checksum types use no encryption keys and thus can be used in combination with any encryption type, but they may only be used with caution, in limited circumstances where the lack of

RFR[13] Release Note for Stateless Resumption

2019-07-02 Thread Anthony Scarpino
Hi,

I need a release note review of the Stateless Resumption work:

https://bugs.openjdk.java.net/browse/JDK-8227105

thanks

Tony

RFR 8226338: Updates to Stateless Resumption

2019-07-02 Thread Anthony Scarpino
Hi,

I need a code review on some updates to the stateless resumption.

1) Changing peerSupportedSignAlgs from a String[] to Collection[]
2) Additional items added to the stateless ticket
3) Not provide a stateless ticket when the masterkey is not accessible (FIPS) or when boundValues are used

[13] RFR 8227059: sun/security/tools/keytool/DefaultSignatureAlgorithm.java timed out

2019-07-02 Thread Weijun Wang
Please take a review at

http://cr.openjdk.java.net/~weijun/8227059/webrev.00/

A fake DSA key pair generator with hardcoded keys. I haven't modified EC since it's quite fast.

Thanks,
Max

Re: Change in behaviour of SSLSessionContext APIs in recent Java 13 EA versions

2019-07-02 Thread Anthony Scarpino
On 7/1/19 7:23 PM, Jaikiran Pai wrote:
Hello Tony,
On 01/07/19 10:28 PM, Anthony Scarpino wrote:
Hi, You are correct this behavior is a result of stateless resumption. The stateless server does not keep session state information and is currently opt-out.
Thank you for looking into this and