On Thu, 24 Sep 2020 21:15:34 GMT, Anthony Scarpino <ascarp...@openjdk.org> wrote:
>> src/java.base/share/conf/security/java.security line 636: >> >>> 634: # >>> 635: jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage >>> TLSServer, \ >>> 636: RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224 >> >> `jdk.disabled.namedCurves` still exists. If someone decides to add a curve >> there, shouldn't it be also disabled here? > > jdk.disabled.namedCurves is commented out and I don't think it's good for > every operation disabled algorithms call to > check an empty property. The description for the disabledAlgorithm > properties say you have to use "include", so I > don't think it is necessary to we keep it active.. I just think this is an unnecessary behavior change. After all, the purpose of `jdk.disabled.namedCurves` is to be included in other disabledAlgorithms properties. No strong opinion on this. Please decide yourself. ------------- PR: https://git.openjdk.java.net/jdk/pull/289