On Fri, 18 Jul 2025 16:37:25 GMT, Sean Mullan <mul...@openjdk.org> wrote:
> The Security Algorithm Implementation Requirements will be updated as follows: > > The following algorithms will be removed from the list of required algorithms > as they are no longer recommended, and should not be in wide usage anymore: > > AlgorithmParameters: DESede > Cipher: > DESede/CBC/NoPadding > DESede/CBC/PKCS5Padding > DESede/ECB/NoPadding > DESede/ECB/PKCS5Padding > RSA/ECB/PKCS1Padding > KeyGenerator: DESede > SecretKeyFactory: DESede > > The following PBES2 algorithms will be added as new requirements. These are > modern password-based encryption, mac and key derivation algorithms defined > in PKCS #5 version 2.1 ([RFC 8018](https://www.rfc-editor.org/rfc/rfc8018)): > > AlgorithmParameters: > PBEWithHmacSHA256AndAES_128 > PBEWithHmacSHA256AndAES_256 > Cipher: > PBEWithHmacSHA256AndAES_128 > PBEWithHmacSHA256AndAES_256 > Mac: > PBEWithHmacSHA256 > SecretKeyFactory: > PBEWithHmacSHA256AndAES_128 > PBEWithHmacSHA256AndAES_256 > PBKDF2WithHmacSHA256 This pull request has now been integrated. Changeset: 06fdb61e Author: Sean Mullan <mul...@openjdk.org> URL: https://git.openjdk.org/jdk/commit/06fdb61e1cdc9abf9ac4fa62fd63992d298baffa Stats: 13 lines in 5 files changed: 5 ins; 5 del; 3 mod 8361964: Remove outdated algorithms from requirements and add PBES2 algorithms Reviewed-by: hchao ------------- PR: https://git.openjdk.org/jdk/pull/26392
