On Fri, 4 Mar 2022 13:50:37 GMT, Jaikiran Pai <j...@openjdk.org> wrote:
>> Hi, >> >> Could I get the following change reviewed please, which is to disable the >> MD5 message digest algorithm by default in the HTTP Digest authentication >> mechanism? The algorithm can be opted into by setting a new system property >> "http.auth.digest.reEnabledAlgs" to include the value MD5. The change also >> updates the Digest authentication implementation to use some of the more >> secure features defined in RFC7616, such as username hashing and additional >> digest algorithms like SHA256 and SHA512-256. >> >> - Michael > > src/java.base/share/classes/java/net/doc-files/net-properties.html line 227: > >> 225: name.</P> >> 226: </OL> >> 227: <LI><P><B>{@systemProperty http.auth.digest.reEnabledAlgs}</B> >> (default: <none>)<BR> > > Hello Michael, from what I understand of `doc-files` directory (which is > where this html file resides) the `javadoc` tool considers it an unprocessed > files location[1]. So would adding the `systemProperty` javadoc taglet here > be necessary? I think this won't end up being listed in the system properties > index generated by the javadoc tool and I think this line here will just get > rendered literally. > > [1] https://docs.oracle.com/javase/8/docs/technotes/tools/windows/javadoc.html This actually seems to work. If you build the docs for JDK mainline, you can search for instance, for `http.keepAlive.time.proxy` in the javadoc search box and it will lead you `net-properties.html`. ------------- PR: https://git.openjdk.java.net/jdk/pull/7688