SHA1 deprecation for codesigning? (Was: RFR : 8038837:Add support to jarsigner for specifying timestamp hash algorithm)

2016-01-27 Thread ecki
BTW, is there any SHA1 deprecation planned/expected for JNLP code signing? -- http://bernd.eckenfels.net -Original Message- From: "Seán Coffey" To: "security-dev@openjdk.java.net" Sent: Mi., 27 Jan. 2016 17:40 Subject: RFR :

RFC 7627 functionality (session hash and extended master secret extension) in JSSE?

2016-01-27 Thread coderaptor
When would the TLS protocol changes as defined by RFC 7627 be committed to JSSE? So far my search has turned up nothing (no open feature request or bug on OpenJDK, nor anything in web-searches). I realize the RFC was finalized fairly recent, and the mitigation has been in JSSE for a while now.

Re: SHA1 deprecation for codesigning? (Was: RFR : 8038837:Add support to jarsigner for specifying timestamp hash algorithm)

2016-01-27 Thread Sean Mullan
On 01/27/2016 11:43 AM, e...@zusammenkunft.net wrote: BTW, is there any SHA1 deprecation planned/expected for JNLP code signing? Yes. We are working on a plan for restricting certificates signed with SHA-1 and other use cases, but don't have any dates to share yet. Thanks, Sean

Re: RFR: 8098581 SecureRandom.nextBytes() hurts performance with small size requests

2016-01-27 Thread Valerie Peng
Changes look fine except for the following nit: NativePRNG.java: mark all constants final. Thanks, Valerie On 12/1/2015 3:44 PM, Anthony Scarpino wrote: Hi all, I'd like a review of this change. It improves nextBytes() performance by allowing the random buffer to grow and shrink as random

Re: RFR 8147400: Deprecate policytool

2016-01-27 Thread Sean Mullan
Looks good to me. --Sean On 01/26/2016 04:56 AM, Wang Weijun wrote: Hi All Please review the patch below. Every change after line 873 is adding "@SuppressWarnings("deprecation")" to a top-level class that references the PolicyTool class. I wish they were static inner classes. We also

RFR : 8038837:Add support to jarsigner for specifying timestamp hash algorithm

2016-01-27 Thread Seán Coffey
Hi, I'd like to backport this enhancement to JDK 8u. It's been approved via CCC process already. The fix differs to that in JDK 9 in that I've chosen not to update the JDK 9 deprecated ContentSignerParameters interface. That was a request from Dev engineer. For jdk8u, the tSAPolicyID