AW: [External] : Re: [11u] RFR: 8267599: Revert the change to the default PKCS12 macAlgorithm and macIterationCount props for 11u/8u/7u

Thank you, Sean, for your review and all your help! Best regards, Martin Von: Seán Coffey Datum: Freitag, 28. Mai 2021 um 18:51 An: Doerr, Martin , jdk-updates-...@openjdk.java.net , security-dev , Hohensee, Paul Betreff: Re: [External] : Re: [11u] RFR: 8267599: Revert the change to the

Re: [11u] RFR: 8267599: Revert the change to the default PKCS12 macAlgorithm and macIterationCount props for 11u/8u/7u

Hi, here’s my new webrev for reverting the pkcs12.macAlgorithm and macIterationCount changes from the JDK-8153005 backport: http://cr.openjdk.java.net/~mdoerr/8267599_revert_8153005_11u/webrev.01/ Oracle’s JBS issue:

AW: [External] : AW: [11u] RFR: 8267599: Revert the change to the default PKCS12 macAlgorithm and macIterationCount props for 11u/8u/7u

Hi Sean, thank you very much! I was concerned to miss anything. But it is really that simple  I’ll prepare a new webrev. Best regards, Martin Von: Seán Coffey Datum: Freitag, 28. Mai 2021 um 16:36 An: Doerr, Martin , jdk-updates-...@openjdk.java.net , security-dev , Hohensee, Paul

AW: [11u] RFR: 8267599: Revert the change to the default PKCS12 macAlgorithm and macIterationCount props for 11u/8u/7u

Hi Sean, thank you for your quick reply. I was already hoping to get such feedback. I had read the CSR and I had already thought that you guys didn’t revert the complete change. My problem is that I can’t see what exactly you have done. I’m concerned about making it insecure by creating a

Re: [External] : Re: [11u] RFR: 8267599: Revert the change to the default PKCS12 macAlgorithm and macIterationCount props for 11u/8u/7u

Looks good! regards, Sean. On 28/05/2021 17:17, Doerr, Martin wrote: Hi, here’s my new webrev for reverting the pkcs12.macAlgorithm and macIterationCount changes from the JDK-8153005 backport:

Re: [External] : AW: [11u] RFR: 8267599: Revert the change to the default PKCS12 macAlgorithm and macIterationCount props for 11u/8u/7u

here are the main changes that we pushed for JDK 11u: diff --git a/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java b/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java index a62452bdcd..441f2b651e 100644 ---

Re: [11u] RFR: 8267599: Revert the change to the default PKCS12 macAlgorithm and macIterationCount props for 11u/8u/7u

Martin, you seem to be suggesting a full revert of the JDK-8153005 changes. Note that the Oracle JDK changes only relate to to the default PKCS12 macAlgorithm and macIterationCount (back to HmacPBESHA1 and 10 respectively). While there are other interoperability concerns with the

[11u] RFR: 8267599: Revert the change to the default PKCS12 macAlgorithm and macIterationCount props for 11u/8u/7u

Hi, Oracle has reverted the changes from JDK-8153005 backport in 11.0.12-oracle for interoperability reasons. See: https://bugs.openjdk.java.net/browse/JDK-8267599 and CSR: https://bugs.openjdk.java.net/browse/JDK-8267701 I had to adapt the small test addition from JDK-8266293 (see "// 8266293"