> Existing legacy mechanism check disables mechanism(s) when the support is > partial, e.g. supports decryption but not encryption, or supports > verification but not signing. Some mechanisms can be used for both > encryption/decryption and sign/verify such as RSA related ones. If the > particular mechanism supports sign/verify/decryption but not encryption, it'd > be disabled as a result. Fine tune the legacy mechanism check with the > service type, i.e. supports encryption for Cipher, sign for Signature, so > the mechanism is disabled based on the service type. > For completeness sake, I also added a PKCS11 provider configuration option to > control this check (default is true, disable mechanisms with partial support).
Valerie Peng has updated the pull request incrementally with one additional commit since the last revision: Update to match CSR for disableLegacy -> allowLegacy name change ------------- Changes: - all: https://git.openjdk.org/jdk/pull/18387/files - new: https://git.openjdk.org/jdk/pull/18387/files/f0cc775e..1fa05b2f Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=18387&range=01 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=18387&range=00-01 Stats: 8 lines in 2 files changed: 0 ins; 0 del; 8 mod Patch: https://git.openjdk.org/jdk/pull/18387.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/18387/head:pull/18387 PR: https://git.openjdk.org/jdk/pull/18387
