On Fri, 4 Mar 2022 13:50:37 GMT, Jaikiran Pai <[email protected]> wrote:
>> Hi,
>>
>> Could I get the following change reviewed please, which is to disable the
>> MD5 message digest algorithm by default in the HTTP Digest authentication
>> mechanism? The algorithm can be opted into by setting a new system property
>> "http.auth.digest.reEnabledAlgs" to include the value MD5. The change also
>> updates the Digest authentication implementation to use some of the more
>> secure features defined in RFC7616, such as username hashing and additional
>> digest algorithms like SHA256 and SHA512-256.
>>
>> - Michael
>
> src/java.base/share/classes/java/net/doc-files/net-properties.html line 227:
>
>> 225: name.</P>
>> 226: </OL>
>> 227: <LI><P><B>{@systemProperty http.auth.digest.reEnabledAlgs}</B>
>> (default: <none>)<BR>
>
> Hello Michael, from what I understand of `doc-files` directory (which is
> where this html file resides) the `javadoc` tool considers it an unprocessed
> files location[1]. So would adding the `systemProperty` javadoc taglet here
> be necessary? I think this won't end up being listed in the system properties
> index generated by the javadoc tool and I think this line here will just get
> rendered literally.
>
> [1] https://docs.oracle.com/javase/8/docs/technotes/tools/windows/javadoc.html
This actually seems to work. If you build the docs for JDK mainline, you can
search for instance, for `http.keepAlive.time.proxy` in the javadoc search box
and it will lead you `net-properties.html`.
-------------
PR: https://git.openjdk.java.net/jdk/pull/7688
