Re: RFR: 8267319: Use larger default key sizes and algorithms based on CNSA [v5]

On Mon, 14 Mar 2022 21:08:30 GMT, Weijun Wang wrote: >> Valerie Peng has updated the pull request incrementally with one additional >> commit since the last revision: >> >> Update again and undo DSA changes > > src/java.base/share/classes/sun/security/util/SecurityProviderConstants.java > li

Re: RFR: 8282633: jarsigner output does not explain why an EC key is disabled if its curve has been disabled

On Mon, 14 Mar 2022 17:41:28 GMT, Hai-May Chao wrote: > When a named curve is disabled in `jdk.disabled.namedCurves` property which > is included in `jdk.jar.disabledAlgorithms` and > `jdk.certpath.disabledAlgorithms`, `jarsigner` should display the disabled > named curve as a result of its di

Re: RFR: 8280400: JDK 19 L10n resource files update - msgdrop 10 [v3]

On Mon, 14 Mar 2022 20:39:46 GMT, Alisen Chung wrote: >> msg drop for jdk19, Mar 9, 2022 > > Alisen Chung has updated the pull request incrementally with one additional > commit since the last revision: > > removed repeated lines from ROOT bundle in CurrencyNames src/jdk.compiler/share/class

Re: RFR: 8267319: Use larger default key sizes and algorithms based on CNSA [v5]

On Mon, 14 Mar 2022 20:08:31 GMT, Valerie Peng wrote: >> It's been several years since we increased the default key sizes. Before >> shifting to PQC, NSA replaced its Suite B cryptography recommendations with >> the Commercial National Security Algorithm Suite which suggests: >> >> - SHA-384 f

Re: RFR: 8280400: JDK 19 L10n resource files update - msgdrop 10 [v3]

> msg drop for jdk19, Mar 9, 2022 Alisen Chung has updated the pull request incrementally with one additional commit since the last revision: removed repeated lines from ROOT bundle in CurrencyNames - Changes: - all: https://git.openjdk.java.net/jdk/pull/7765/files - new: htt

Re: RFR: 8267319: Use larger default key sizes and algorithms based on CNSA [v5]

> It's been several years since we increased the default key sizes. Before > shifting to PQC, NSA replaced its Suite B cryptography recommendations with > the Commercial National Security Algorithm Suite which suggests: > > - SHA-384 for secure hashing > - AES-256 for symmetric encryption > - RS

Re: [Internet]Re: Proposal for potential new feature: TLS Certificate Compression

Hi Jamil, Thank you for the support of this proposal. I am happy to move on to the next JEP process if no objections or comments in the coming weeks. Hi All, Please let me know if more time is required for the review of the proposal. Thanks, Xuelei On Mar 11, 2022, at 7:25 AM, Jamil Nimeh

RFR: 8282633: jarsigner output does not explain why an EC key is disabled if its curve has been disabled

When a named curve is disabled in `jdk.disabled.namedCurves` property which is included in `jdk.jar.disabledAlgorithms` and `jdk.certpath.disabledAlgorithms`, `jarsigner` should display the disabled named curve as a result of its disabled algorithm constraint checking. This clarifies why an EC k

Re: RFR: 8280400: JDK 19 L10n resource files update - msgdrop 10 [v2]

On Thu, 10 Mar 2022 17:55:44 GMT, Alisen Chung wrote: >> msg drop for jdk19, Mar 9, 2022 > > Alisen Chung has updated the pull request incrementally with one additional > commit since the last revision: > > moved CurrencyNames changes to jdk.localedata Marked as reviewed by kizune (Reviewer)

Re: RFR: 8280400: JDK 19 L10n resource files update - msgdrop 10 [v2]

On Thu, 10 Mar 2022 18:56:41 GMT, Chris Plummer wrote: >> Alisen Chung has updated the pull request incrementally with one additional >> commit since the last revision: >> >> moved CurrencyNames changes to jdk.localedata > > src/jdk.jdi/share/classes/com/sun/tools/example/debug/tty/TTYResourc

Integrated: 8282529: Fix API Note in javadoc for javax.net.ssl.SSLSocket

On Tue, 1 Mar 2022 17:09:57 GMT, zzambers wrote: > Fixed API Note in javadoc for javax.net.ssl.SSLSocket class. API Note was > introduced by JDK-8208526 [1]. At that point both Socket.shutdownInput() / > Socket.shutdownOutput() and InputStream.close() / OutputStream.close() > performed half-cl

Re: RFR: 8282600: SSLSocketImpl should not use user_canceled workaround when not necessary

On Wed, 2 Mar 2022 19:04:26 GMT, zzambers wrote: > When testing compatibility of jdk TLS implementation with gnutls, I have > found a problem. The problem is, that gnutls does not like use of > user_canceled alert when closing TLS-1.3 connection from duplexCloseOutput() > (used by socket.close

Re: RFR: 8282600: SSLSocketImpl should not use user_canceled workaround when not necessary

On Wed, 9 Mar 2022 21:12:06 GMT, Bradford Wetmore wrote: >> When testing compatibility of jdk TLS implementation with gnutls, I have >> found a problem. The problem is, that gnutls does not like use of >> user_canceled alert when closing TLS-1.3 connection from duplexCloseOutput() >> (used by

Re: RFR: 8282529: Fix API Note in javadoc for javax.net.ssl.SSLSocket [v2]

On Sat, 12 Mar 2022 01:43:16 GMT, Bradford Wetmore wrote: >> @bradfordwetmore Your changes look good to me. When it comes to wording, >> I'll let that to native english speaker(s) to judge :) (As I am not native >> english speaker myself). I built docs locally and result looks good (also >> l