Re: RFR: 8259709: Disable SHA-1 XML Signatures [v2]

2021-03-04 Thread Sean Mullan
> Please review this change to disable XML signatures that use SHA-1 based > digest or signature algorithms. SHA-1 is weak and is not a recommended > algorithm for digital signatures. This will improve out of the box security > by restricting XML signatures that use SHA-1 algorithms. > > CSR: h

Re: RFR: 8259709: Disable SHA-1 XML Signatures

2021-02-24 Thread Weijun Wang
On Wed, 24 Feb 2021 22:02:45 GMT, Sean Mullan wrote: > > All test changes are about re-enabling disabled algorithms. Do we have a > > test on ensuring disabled algorithms are indeed disabled? How about we set > > "org.jcp.xml.dsig.secureValidation" to false everywhere in the existing > > tests

Re: RFR: 8259709: Disable SHA-1 XML Signatures

2021-02-24 Thread Sean Mullan
On Fri, 19 Feb 2021 22:36:24 GMT, Weijun Wang wrote: > All test changes are about re-enabling disabled algorithms. Do we have a test > on ensuring disabled algorithms are indeed disabled? How about we set > "org.jcp.xml.dsig.secureValidation" to false everywhere in the existing tests > and add

Re: RFR: 8259709: Disable SHA-1 XML Signatures

2021-02-24 Thread Sean Mullan
On Mon, 22 Feb 2021 03:42:23 GMT, Weijun Wang wrote: >> Please review this change to disable XML signatures that use SHA-1 based >> digest or signature algorithms. SHA-1 is weak and is not a recommended >> algorithm for digital signatures. This will improve out of the box security >> by restri

Re: RFR: 8259709: Disable SHA-1 XML Signatures

2021-02-21 Thread Weijun Wang
On Mon, 8 Feb 2021 20:46:41 GMT, Sean Mullan wrote: > Please review this change to disable XML signatures that use SHA-1 based > digest or signature algorithms. SHA-1 is weak and is not a recommended > algorithm for digital signatures. This will improve out of the box security > by restricting

Re: RFR: 8259709: Disable SHA-1 XML Signatures

2021-02-19 Thread Weijun Wang
On Tue, 9 Feb 2021 21:04:00 GMT, Weijun Wang wrote: >> Please review this change to disable XML signatures that use SHA-1 based >> digest or signature algorithms. SHA-1 is weak and is not a recommended >> algorithm for digital signatures. This will improve out of the box security >> by restric

Re: RFR: 8259709: Disable SHA-1 XML Signatures

2021-02-09 Thread Weijun Wang
On Mon, 8 Feb 2021 20:46:41 GMT, Sean Mullan wrote: > Please review this change to disable XML signatures that use SHA-1 based > digest or signature algorithms. SHA-1 is weak and is not a recommended > algorithm for digital signatures. This will improve out of the box security > by restricting

Re: RFR: 8259709: Disable SHA-1 XML Signatures

2021-02-08 Thread Rajan Halade
On Mon, 8 Feb 2021 20:46:41 GMT, Sean Mullan wrote: > Please review this change to disable XML signatures that use SHA-1 based > digest or signature algorithms. SHA-1 is weak and is not a recommended > algorithm for digital signatures. This will improve out of the box security > by restricting