On Tue, 15 Mar 2022 16:00:41 GMT, Michael McMahon wrote:
>> Hi,
>>
>> Could I get the following change reviewed please, which is to disable the
>> MD5 message digest algorithm by default in the HTTP Digest authentication
>> mechanism? The algorithm can be opted into by setting a new system
> Hi,
>
> Could I get the following change reviewed please, which is to disable the MD5
> message digest algorithm by default in the HTTP Digest authentication
> mechanism? The algorithm can be opted into by setting a new system property
> "http.auth.digest.reEnabledAlgs" to include the value
On Tue, 15 Mar 2022 10:24:43 GMT, Michael McMahon wrote:
>> src/java.base/share/classes/sun/net/www/protocol/http/DigestAuthentication.java
>> line 102:
>>
>>> 100: propPrefix + "reEnabledAlgorithms";
>>> 101:
>>> 102: private static final Set disabledAlgorithms = new
>>>
On Fri, 11 Mar 2022 18:12:27 GMT, Daniel Fuchs wrote:
>> Michael McMahon has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> update after second review round
>
>
On Mon, 14 Mar 2022 13:26:34 GMT, Michael McMahon wrote:
>> Hi,
>>
>> Could I get the following change reviewed please, which is to disable the
>> MD5 message digest algorithm by default in the HTTP Digest authentication
>> mechanism? The algorithm can be opted into by setting a new system
> Hi,
>
> Could I get the following change reviewed please, which is to disable the MD5
> message digest algorithm by default in the HTTP Digest authentication
> mechanism? The algorithm can be opted into by setting a new system property
> "http.auth.digest.reEnabledAlgs" to include the value
On Fri, 11 Mar 2022 17:37:44 GMT, Michael McMahon wrote:
>> Hi,
>>
>> Could I get the following change reviewed please, which is to disable the
>> MD5 message digest algorithm by default in the HTTP Digest authentication
>> mechanism? The algorithm can be opted into by setting a new system
> Hi,
>
> Could I get the following change reviewed please, which is to disable the MD5
> message digest algorithm by default in the HTTP Digest authentication
> mechanism? The algorithm can be opted into by setting a new system property
> "http.auth.digest.reEnabledAlgs" to include the value
On Thu, 10 Mar 2022 16:50:05 GMT, Michael McMahon wrote:
>> src/java.base/share/classes/java/net/doc-files/net-properties.html line 234:
>>
>>> 232: in the {@code java.security} properties file and currently
>>> comprises {@code MD5} and
>>> 233: {@code SHA-1}. If it is still
On Fri, 11 Mar 2022 17:37:44 GMT, Michael McMahon wrote:
>> Hi,
>>
>> Could I get the following change reviewed please, which is to disable the
>> MD5 message digest algorithm by default in the HTTP Digest authentication
>> mechanism? The algorithm can be opted into by setting a new system
> Hi,
>
> Could I get the following change reviewed please, which is to disable the MD5
> message digest algorithm by default in the HTTP Digest authentication
> mechanism? The algorithm can be opted into by setting a new system property
> "http.auth.digest.reEnabledAlgs" to include the value
On Mon, 7 Mar 2022 14:41:47 GMT, Weijun Wang wrote:
>> 2nd test of https://datatracker.ietf.org/doc/html/rfc7616#section-3.9 is on
>> this algorithm, but it requires UTF-8 charset support and a way to provide a
>> predefined cnonce. If it's not worth modifying our implementation to create
>>
On Thu, 10 Mar 2022 15:02:17 GMT, Weijun Wang wrote:
>> Michael McMahon has updated the pull request incrementally with two
>> additional commits since the last revision:
>>
>> - update
>> - update after first review round
>
>
On Thu, 10 Mar 2022 16:43:23 GMT, Michael McMahon wrote:
>> src/java.base/share/conf/security/java.security line 711:
>>
>>> 709: # separated list of algorithms to be allowed.
>>> 710: #
>>> 711: jdk.httpdigest.defaultDisabledAlgorithms = MD5, MD-5, SHA1, SHA-1
>>
>> I haven't seen people
On Thu, 10 Mar 2022 14:26:28 GMT, Weijun Wang wrote:
>> Michael McMahon has updated the pull request incrementally with two
>> additional commits since the last revision:
>>
>> - update
>> - update after first review round
>
>
On Thu, 10 Mar 2022 14:21:41 GMT, Weijun Wang wrote:
>> Michael McMahon has updated the pull request incrementally with two
>> additional commits since the last revision:
>>
>> - update
>> - update after first review round
>
> src/java.base/share/conf/security/java.security line 711:
>
>>
On Wed, 9 Mar 2022 14:23:38 GMT, Michael McMahon wrote:
>> Hi,
>>
>> Could I get the following change reviewed please, which is to disable the
>> MD5 message digest algorithm by default in the HTTP Digest authentication
>> mechanism? The algorithm can be opted into by setting a new system
On Thu, 10 Mar 2022 10:48:09 GMT, Michael McMahon wrote:
>> Maybe `String.trim()` should be called on each element after splitting
>> instead: you want to remove spaces before and after commas, not necessarily
>> spaces within a name. "MD 5, SHA-256" probably shouldn't be parsed as
>>
On Thu, 10 Mar 2022 10:54:52 GMT, Michael McMahon wrote:
>> src/java.base/share/classes/sun/net/www/protocol/http/DigestAuthentication.java
>> line 82:
>>
>>> 80: @SuppressWarnings("removal")
>>> 81: String secprops = AccessController.doPrivileged(
>>> 82: new
On Wed, 9 Mar 2022 15:41:08 GMT, Weijun Wang wrote:
>> Michael McMahon has updated the pull request incrementally with two
>> additional commits since the last revision:
>>
>> - update
>> - update after first review round
>
>
On Wed, 9 Mar 2022 15:18:43 GMT, Daniel Fuchs wrote:
>> Michael McMahon has updated the pull request incrementally with two
>> additional commits since the last revision:
>>
>> - update
>> - update after first review round
>
>
On Wed, 9 Mar 2022 14:23:24 GMT, Weijun Wang wrote:
>> Michael McMahon has updated the pull request incrementally with two
>> additional commits since the last revision:
>>
>> - update
>> - update after first review round
>
>
On Wed, 9 Mar 2022 15:53:02 GMT, Daniel Fuchs wrote:
>> src/java.base/share/classes/sun/net/www/protocol/http/DigestAuthentication.java
>> line 85:
>>
>>> 83: public String run() {
>>> 84: return Security.getProperty(secPropName)
>>> 85:
On Wed, 9 Mar 2022 15:18:02 GMT, Daniel Fuchs wrote:
>> Michael McMahon has updated the pull request incrementally with two
>> additional commits since the last revision:
>>
>> - update
>> - update after first review round
>
>
On Wed, 9 Mar 2022 14:23:38 GMT, Michael McMahon wrote:
>> Hi,
>>
>> Could I get the following change reviewed please, which is to disable the
>> MD5 message digest algorithm by default in the HTTP Digest authentication
>> mechanism? The algorithm can be opted into by setting a new system
On Mon, 7 Mar 2022 20:35:13 GMT, Sean Mullan wrote:
>> Michael McMahon has updated the pull request incrementally with two
>> additional commits since the last revision:
>>
>> - update
>> - update after first review round
>
>
> Hi,
>
> Could I get the following change reviewed please, which is to disable the MD5
> message digest algorithm by default in the HTTP Digest authentication
> mechanism? The algorithm can be opted into by setting a new system property
> "http.auth.digest.reEnabledAlgs" to include the value
On Fri, 4 Mar 2022 09:37:21 GMT, Michael McMahon wrote:
> Hi,
>
> Could I get the following change reviewed please, which is to disable the MD5
> message digest algorithm by default in the HTTP Digest authentication
> mechanism? The algorithm can be opted into by setting a new system property
On Mon, 7 Mar 2022 14:22:58 GMT, Weijun Wang wrote:
>> Okay, I'll double check that. I haven't found any server implementations of
>> this feature to test with yet,
>
> 2nd test of https://datatracker.ietf.org/doc/html/rfc7616#section-3.9 is on
> this algorithm, but it requires UTF-8 charset
On Mon, 7 Mar 2022 11:01:16 GMT, Michael McMahon wrote:
>> src/java.base/share/classes/sun/net/www/protocol/http/DigestAuthentication.java
>> line 670:
>>
>>> 668: if (truncate256) {
>>> 669: assert digest.length >= 32;
>>> 670: start = digest.length - 32;
>>
On Sat, 5 Mar 2022 15:07:15 GMT, Jaikiran Pai wrote:
>> Hi,
>>
>> Could I get the following change reviewed please, which is to disable the
>> MD5 message digest algorithm by default in the HTTP Digest authentication
>> mechanism? The algorithm can be opted into by setting a new system
@openjdk.java.net
Subject: Re: RFR: 8281561: Disable http DIGEST mechanism with MD5 by
default
On Fri, 4 Mar 2022 14:59:48 GMT, Weijun Wang wrote:
Hi,
Could I get the following change reviewed please, which is to
disable the MD5 message digest algorithm by default in the HTTP
Digest authentication
://bernd.eckenfels.net
From: net-dev on behalf of Michael
McMahon
Sent: Monday, March 7, 2022 12:04:02 PM
To: net-dev@openjdk.java.net
Subject: Re: RFR: 8281561: Disable http DIGEST mechanism with MD5 by default
On Fri, 4 Mar 2022 14:59:48 GMT, Weijun Wang wrote:
Hi
On Fri, 4 Mar 2022 16:26:52 GMT, Weijun Wang wrote:
>> Hi,
>>
>> Could I get the following change reviewed please, which is to disable the
>> MD5 message digest algorithm by default in the HTTP Digest authentication
>> mechanism? The algorithm can be opted into by setting a new system
Bernd
--
http://bernd.eckenfels.net
From: net-dev on behalf of Michael McMahon
Sent: Monday, March 7, 2022 12:04:02 PM
To: net-dev@openjdk.java.net
Subject: Re: RFR: 8281561: Disable http DIGEST mechanism with MD5 by default
On Fri, 4 Mar 2022 14:59:48 GMT
On Fri, 4 Mar 2022 14:59:48 GMT, Weijun Wang wrote:
>> Hi,
>>
>> Could I get the following change reviewed please, which is to disable the
>> MD5 message digest algorithm by default in the HTTP Digest authentication
>> mechanism? The algorithm can be opted into by setting a new system
On Fri, 4 Mar 2022 09:37:21 GMT, Michael McMahon wrote:
> Hi,
>
> Could I get the following change reviewed please, which is to disable the MD5
> message digest algorithm by default in the HTTP Digest authentication
> mechanism? The algorithm can be opted into by setting a new system property
://bernd.eckenfels.net
From: Michael McMahon
Sent: Friday, March 4, 2022 4:07:49 PM
To: Bernd Eckenfels ; net-dev@openjdk.java.net
Subject: Re: RFR: 8281561: Disable http DIGEST mechanism with MD5 by default
Bernd,
If I understand you correctly
On Fri, 4 Mar 2022 09:37:21 GMT, Michael McMahon wrote:
> Hi,
>
> Could I get the following change reviewed please, which is to disable the MD5
> message digest algorithm by default in the HTTP Digest authentication
> mechanism? The algorithm can be opted into by setting a new system property
ate
won’t change the behavior? (If there is no negotiation?)
Regards
Bernd
--
http://bernd.eckenfels.net
From: net-dev on behalf of Michael
McMahon
Sent: Friday, March 4, 2022 1:33:06 PM
To: net-dev@openjdk.java.net
Subject: Re: RFR: 8281561: Disable http DIGEST
On Fri, 4 Mar 2022 14:39:50 GMT, Jaikiran Pai wrote:
>> Hi,
>>
>> Could I get the following change reviewed please, which is to disable the
>> MD5 message digest algorithm by default in the HTTP Digest authentication
>> mechanism? The algorithm can be opted into by setting a new system
On Fri, 4 Mar 2022 14:06:14 GMT, Daniel Fuchs wrote:
>> src/java.base/share/classes/java/net/doc-files/net-properties.html line 227:
>>
>>> 225: name.
>>> 226:
>>> 227:{@systemProperty http.auth.digest.reEnabledAlgs}
>>> (default: none)
>>
>> Hello Michael, from
On Fri, 4 Mar 2022 14:11:00 GMT, Jaikiran Pai wrote:
>> Hi,
>>
>> Could I get the following change reviewed please, which is to disable the
>> MD5 message digest algorithm by default in the HTTP Digest authentication
>> mechanism? The algorithm can be opted into by setting a new system
On Fri, 4 Mar 2022 09:37:21 GMT, Michael McMahon wrote:
> Hi,
>
> Could I get the following change reviewed please, which is to disable the MD5
> message digest algorithm by default in the HTTP Digest authentication
> mechanism? The algorithm can be opted into by setting a new system property
On Fri, 4 Mar 2022 13:50:37 GMT, Jaikiran Pai wrote:
>> Hi,
>>
>> Could I get the following change reviewed please, which is to disable the
>> MD5 message digest algorithm by default in the HTTP Digest authentication
>> mechanism? The algorithm can be opted into by setting a new system
On Fri, 4 Mar 2022 09:37:21 GMT, Michael McMahon wrote:
> Hi,
>
> Could I get the following change reviewed please, which is to disable the MD5
> message digest algorithm by default in the HTTP Digest authentication
> mechanism? The algorithm can be opted into by setting a new system property
: 8281561: Disable http DIGEST mechanism with MD5 by default
On Fri, 4 Mar 2022 09:37:21 GMT, Michael McMahon wrote:
> Hi,
>
> Could I get the following change reviewed please, which is to disable the MD5
> message digest algorithm by default in the HTTP Digest authentication
On Fri, 4 Mar 2022 09:37:21 GMT, Michael McMahon wrote:
> Hi,
>
> Could I get the following change reviewed please, which is to disable the MD5
> message digest algorithm by default in the HTTP Digest authentication
> mechanism? The algorithm can be opted into by setting a new system property
On Fri, 4 Mar 2022 13:13:47 GMT, Daniel Fuchs wrote:
>> Hi,
>>
>> Could I get the following change reviewed please, which is to disable the
>> MD5 message digest algorithm by default in the HTTP Digest authentication
>> mechanism? The algorithm can be opted into by setting a new system
On Fri, 4 Mar 2022 09:37:21 GMT, Michael McMahon wrote:
> Hi,
>
> Could I get the following change reviewed please, which is to disable the MD5
> message digest algorithm by default in the HTTP Digest authentication
> mechanism? The algorithm can be opted into by setting a new system property
On Fri, 4 Mar 2022 12:29:28 GMT, Michael McMahon wrote:
> > So, maybe, we could have a 2nd net property with the default disabled
> > algorithms and in net.properties we identify MD5 only for now. Users could
> > add to that list if they want or even specify it on the command line. I
> >
On Fri, 4 Mar 2022 09:37:21 GMT, Michael McMahon wrote:
> Hi,
>
> Could I get the following change reviewed please, which is to disable the MD5
> message digest algorithm by default in the HTTP Digest authentication
> mechanism? The algorithm can be opted into by setting a new system property
On Fri, 4 Mar 2022 12:12:25 GMT, Daniel Fuchs wrote:
> > I considered that and implemented it that way at the start, but what you
> > would end up with then is users running their code with something like:
> > -DdisabledAlgNames=""
> > I find that style leads to a much less explicit "opting
On Fri, 4 Mar 2022 12:03:44 GMT, Michael McMahon wrote:
> I considered that and implemented it that way at the start, but what you
> would end up with then is users running their code with something like:
> -DdisabledAlgNames=""
>
> I find that style leads to a much less explicit "opting in"
On Fri, 4 Mar 2022 11:25:38 GMT, Daniel Fuchs wrote:
> Should we instead have a property to disable algorithms, whose default value
> would contain "MD5" by default?
I considered that and implemented it that way at the start, but what you would
end up with then is users running their code
On Fri, 4 Mar 2022 09:37:21 GMT, Michael McMahon wrote:
> Hi,
>
> Could I get the following change reviewed please, which is to disable the MD5
> message digest algorithm by default in the HTTP Digest authentication
> mechanism? The algorithm can be opted into by setting a new system property
Hi,
Could I get the following change reviewed please, which is to disable the MD5
message digest algorithm by default in the HTTP Digest authentication
mechanism? The algorithm can be opted into by setting a new system property
"http.auth.digest.enabledDigestAlgs" to include the value MD5. The
On Fri, 4 Mar 2022 09:37:21 GMT, Michael McMahon wrote:
> Hi,
>
> Could I get the following change reviewed please, which is to disable the MD5
> message digest algorithm by default in the HTTP Digest authentication
> mechanism? The algorithm can be opted into by setting a new system property