On Mon, 14 Mar 2022 13:26:34 GMT, Michael McMahon <micha...@openjdk.org> wrote:
>> Hi,
>>
>> Could I get the following change reviewed please, which is to disable the
>> MD5 message digest algorithm by default in the HTTP Digest authentication
>> mechanism? The algorithm can be opted into by setting a new system property
>> "http.auth.digest.reEnabledAlgs" to include the value MD5. The change also
>> updates the Digest authentication implementation to use some of the more
>> secure features defined in RFC7616, such as username hashing and additional
>> digest algorithms like SHA256 and SHA512-256.
>>
>> - Michael
>
> Michael McMahon has updated the pull request with a new target base due to a
> merge or a rebase. The incremental webrev excludes the unrelated changes
> brought in by the merge/rebase. The pull request contains 17 additional
> commits since the last revision:
>
>  - Merge branch 'master' into md5
>  - update after third review round
>  - removed swp file
>  - update after second review round
>  - update
>  - update after first review round
>  - fix whitespace
>  - update property name. add documentation
>  - fixed one more test
>  - fixed up existing tests using digest auth
>  - ... and 7 more:
>    https://git.openjdk.java.net/jdk/compare/4bef4cc9...c55fdd94

LGTM now. It will be even nicer if the known answer tests in RFC 7616 can be included.

-------------

Marked as reviewed by weijun (Reviewer).

PR: https://git.openjdk.java.net/jdk/pull/7688
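The known answer tests mentioned in the review, as an added example in Python (not part of the original message and not code from the JDK change): it recomputes the `response` values of the RFC 7616 section 3.9.1 example exchange for MD5 and SHA-256 and includes the username hashing rule. All function and variable names are chosen here for illustration.

```python
import hashlib

# RFC 7616 algorithm tokens mapped to hashlib names. SHA-512-256 is left out
# because its availability in hashlib depends on the local OpenSSL build.
HASHES = {"MD5": "md5", "SHA-256": "sha256"}

def H(algorithm, text):
    """Hex digest of text under the named RFC 7616 algorithm."""
    return hashlib.new(HASHES[algorithm], text.encode("utf-8")).hexdigest()

def digest_response(algorithm, user, realm, password, method, uri,
                    nonce, nc, cnonce, qop="auth"):
    """response = H( H(A1) ":" nonce ":" nc ":" cnonce ":" qop ":" H(A2) )."""
    ha1 = H(algorithm, f"{user}:{realm}:{password}")  # A1, non "-sess" variant
    ha2 = H(algorithm, f"{method}:{uri}")             # A2 for qop=auth
    return H(algorithm, f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

def userhash(algorithm, user, realm):
    """Value sent in place of the username when the server sets userhash=true."""
    return H(algorithm, f"{user}:{realm}")

# Inputs of the RFC 7616 section 3.9.1 example exchange.
RFC_EXAMPLE = dict(
    user="Mufasa", realm="http-auth@example.org", password="Circle of Life",
    method="GET", uri="/dir/index.html",
    nonce="7ypf/xlj9XXwfDPEoM4URrv/xwf94BcCAzFZH4GiTo0v",
    nc="00000001",
    cnonce="f2/wE4q74E6zIJEtWaHKaf5wv/H5QzzpXusqGemxURZJ",
)
# response= values from the two Authorization headers in that section.
KNOWN_ANSWERS = {
    "MD5": "8ca523f5e9506fed4657c9700eebdbec",
    "SHA-256": "753927fa0e85d155564e2e272a28d1802ca10daf4496794697cf8db5856cb6c1",
}

def run_known_answer_tests():
    """Return {algorithm: bool}: does the computed response match the RFC's?"""
    return {alg: digest_response(alg, **RFC_EXAMPLE) == want
            for alg, want in KNOWN_ANSWERS.items()}

if __name__ == "__main__":
    for alg, ok in run_known_answer_tests().items():
        print(f"{alg:8} {'PASS' if ok else 'FAIL'}")
```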