> Hi, > > Could I get the following change reviewed please, which is to disable the MD5 > message digest algorithm by default in the HTTP Digest authentication > mechanism? The algorithm can be opted into by setting a new system property > "http.auth.digest.reEnabledAlgs" to include the value MD5. The change also > updates the Digest authentication implementation to use some of the more > secure features defined in RFC7616, such as username hashing and additional > digest algorithms like SHA256 and SHA512-256. > > - Michael
Michael McMahon has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains 25 additional commits since the last revision: - merge branch 'master' into md5 - Merge branch 'master' into md5 - forgot update to DigestAuth test - latest update - Merge branch 'master' into md5 - delete .swp file - incomplete test update - made disabledAlgorithms immutable - Merge branch 'master' into md5 - update after third review round - ... and 15 more: https://git.openjdk.java.net/jdk/compare/a77604cd...946142f3 ------------- Changes: - all: https://git.openjdk.java.net/jdk/pull/7688/files - new: https://git.openjdk.java.net/jdk/pull/7688/files/b2095e02..946142f3 Webrevs: - full: https://webrevs.openjdk.java.net/?repo=jdk&pr=7688&range=08 - incr: https://webrevs.openjdk.java.net/?repo=jdk&pr=7688&range=07-08 Stats: 92145 lines in 1153 files changed: 75778 ins; 14325 del; 2042 mod Patch: https://git.openjdk.java.net/jdk/pull/7688.diff Fetch: git fetch https://git.openjdk.java.net/jdk pull/7688/head:pull/7688 PR: https://git.openjdk.java.net/jdk/pull/7688