On Thu, 2 Jan 2025 14:41:48 GMT, Sean Mullan <mul...@openjdk.org> wrote:
> Periodically, we review the security algorithm requirements to see if new > algorithms should be added or existing ones should be removed. The > requirements are intended to improve interoperability across different SE > implementations by requiring a set of commonly used algorithms. The > algorithms are not always based on the strength of the algorithm; the > requirements are also based on how common the algorithms are, so some weaker > algorithms are still on the list in order to support legacy use cases. > > Add TLSv1.3 to the list of requirements. TLSv1.3 is the most secure protocol > version and is in wide use. Add all cryptographic algorithms that are needed > to implement the TLSv1.3 cipher suites and signature mechanisms defined by > https://www.rfc-editor.org/rfc/rfc8446 as MUST or SHOULD requirements. Also > add algorithms that are required by CNSA 1.0, which was added in JDK 19: > https://bugs.openjdk.org/browse/JDK-8267319. > > No required algorithms or protocols are being removed at this time. > > See the CSR for the complete list of new requirements: > https://bugs.openjdk.org/browse/JDK-8346684 These changes look good to me. ------------- Marked as reviewed by jnimeh (Reviewer). PR Review: https://git.openjdk.org/jdk/pull/22904#pullrequestreview-2527776372
