On Fri, 29 Apr 2022 19:42:27 GMT, Hai-May Chao <[email protected]> wrote:
>> Please review these changes to add DES/3DES/MD5 to
>> `jdk.security.legacyAlgorithms` security property, and to add the legacy
>> algorithm constraint checking to `keytool` commands that are associated with
>> secret key entries stored in the keystore. These `keytool` commands are
>> -genseckey, -importpass, -list, and -importkeystore. As a result, `keytool`
>> will be able to generate warnings when it detects that the secret key based
>> algorithms and PBE based Mac and cipher algorithms are weak. Also removes
>> the "This algorithm will be disabled in a future update.” from the existing
>> warnings for the asymmetric keys/certificates.
>> Will also file a CSR.
>
> Hai-May Chao has updated the pull request incrementally with one additional
> commit since the last revision:
>
> Updated spec in java.security
test/jdk/sun/security/tools/keytool/WeakSecretKeyTest.java line 66:
> 64: .shouldContain("Warning")
> 65: .shouldMatch("<des3key> uses the DESede
> algorithm.*considered a security risk")
> 66: .shouldMatch("<deskey> uses the DES/CBC
> algorithm.*considered a security risk")
Please update "DES/CBC" to "DES". I've just fixed it with
https://github.com/openjdk/jdk/commit/50a4df87c87febdf5fa8561b7d0d21b8d6623943.
-------------
PR: https://git.openjdk.java.net/jdk/pull/8300
