On Thu, 24 Sep 2020 19:48:45 GMT, Weijun Wang <wei...@openjdk.org> wrote:

>> Anthony Scarpino has updated the pull request incrementally with one 
>> additional commit since the last revision:
>> 
>>   change exception for ec keyagreement
>>   fix supportedcurves in SunEC
>
> src/java.base/share/conf/security/java.security line 636:
> 
>> 634: #
>> 635: jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, 
>> \
>> 636:     RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224
> 
> `jdk.disabled.namedCurves` still exists. If someone decides to add a curve 
> there, shouldn't it be also disabled here?

jdk.disabled.namedCurves is commented out and I don't think it's good for every 
operation disabled algorithms call to
check an empty property.  The description for the disabledAlgorithm properties 
say you have to use "include", so I
don't think it is necessary to we keep it active..

-------------

PR: https://git.openjdk.java.net/jdk/pull/289

Reply via email to