> This code change removes weak etypes from the default list so it's safer to
> enable one of them. See the corresponding CSR at
> https://bugs.openjdk.java.net/browse/JDK-8274207 for more explanation. BTW,
> please review the CSR as well.
Weijun Wang has updated the pull request incrementally
On Fri, 24 Sep 2021 22:06:27 GMT, Valerie Peng wrote:
>> This is because MIT krb5 treats DES as weak and RC4 as deprecated. In Java,
>> we treat both as weak after JDK-8139348 (the title is "Deprecate 3DES and
>> RC4 in Kerberos" but this "deprecate" is not the same as the one in MIT
>> krb5).
On Fri, 24 Sep 2021 22:01:26 GMT, Valerie Peng wrote:
>> This code change removes weak etypes from the default list so it's safer to
>> enable one of them. See the corresponding CSR at
>> https://bugs.openjdk.java.net/browse/JDK-8274207 for more explanation. BTW,
>> please review the CSR as we
On Fri, 24 Sep 2021 21:59:04 GMT, Valerie Peng wrote:
>> This code change removes weak etypes from the default list so it's safer to
>> enable one of them. See the corresponding CSR at
>> https://bugs.openjdk.java.net/browse/JDK-8274207 for more explanation. BTW,
>> please review the CSR as we
On Fri, 24 Sep 2021 21:55:44 GMT, Valerie Peng wrote:
>> This code change removes weak etypes from the default list so it's safer to
>> enable one of them. See the corresponding CSR at
>> https://bugs.openjdk.java.net/browse/JDK-8274207 for more explanation. BTW,
>> please review the CSR as we
On Thu, 23 Sep 2021 14:32:01 GMT, Weijun Wang wrote:
> This code change removes weak etypes from the default list so it's safer to
> enable one of them. See the corresponding CSR at
> https://bugs.openjdk.java.net/browse/JDK-8274207 for more explanation. BTW,
> please review the CSR as well.
On Thu, 23 Sep 2021 14:32:01 GMT, Weijun Wang wrote:
> This code change removes weak etypes from the default list so it's safer to
> enable one of them. See the corresponding CSR at
> https://bugs.openjdk.java.net/browse/JDK-8274207 for more explanation. BTW,
> please review the CSR as well.
On Fri, 24 Sep 2021 21:38:39 GMT, Weijun Wang wrote:
>> src/java.security.jgss/share/classes/sun/security/krb5/internal/crypto/EType.java
>> line 101:
>>
>>> 99: if (allowWeakCrypto) {
>>> 100: result[num++] = EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD;
>>> 101: r
On Thu, 23 Sep 2021 14:32:01 GMT, Weijun Wang wrote:
> This code change removes weak etypes from the default list so it's safer to
> enable one of them. See the corresponding CSR at
> https://bugs.openjdk.java.net/browse/JDK-8274207 for more explanation. BTW,
> please review the CSR as well.
On Fri, 24 Sep 2021 19:33:12 GMT, Sean Mullan wrote:
>> This code change removes weak etypes from the default list so it's safer to
>> enable one of them. See the corresponding CSR at
>> https://bugs.openjdk.java.net/browse/JDK-8274207 for more explanation. BTW,
>> please review the CSR as wel
On Fri, 24 Sep 2021 19:49:14 GMT, Sean Mullan wrote:
>> This code change removes weak etypes from the default list so it's safer to
>> enable one of them. See the corresponding CSR at
>> https://bugs.openjdk.java.net/browse/JDK-8274207 for more explanation. BTW,
>> please review the CSR as wel
On Thu, 23 Sep 2021 14:32:01 GMT, Weijun Wang wrote:
> This code change removes weak etypes from the default list so it's safer to
> enable one of them. See the corresponding CSR at
> https://bugs.openjdk.java.net/browse/JDK-8274207 for more explanation. BTW,
> please review the CSR as well.
On Tue, 7 Sep 2021 22:31:30 GMT, Smita Kamath wrote:
> Performance dropped up to 10% for 1k data after 8267125 for CPUs that do not
> support the new intrinsic. Tests run were crypto.full.AESGCMBench and
> crypto.full.AESGCMByteBuffer from the jmh micro benchmarks.
>
> The problem is each inst
On Wed, 22 Sep 2021 22:48:32 GMT, Smita Kamath wrote:
>> Performance dropped up to 10% for 1k data after 8267125 for CPUs that do not
>> support the new intrinsic. Tests run were crypto.full.AESGCMBench and
>> crypto.full.AESGCMByteBuffer from the jmh micro benchmarks.
>>
>> The problem is eac
On Thu, 23 Sep 2021 20:42:48 GMT, Andrey Turbanov
wrote:
> There are few places in code where manual `for` loop is used with Iterator to
> iterate over Collection.
> Instead of manual `for` cycles it's preferred to use enhanced-for cycle
> instead: it's less verbose, makes code easier to read
On Thu, 23 Sep 2021 20:31:16 GMT, Andrey Turbanov
wrote:
>> Usage of thread-safe collection Vector is unnecessary. It's recommended to
>> use ArrayList if a thread-safe implementation is not needed.
>
> Andrey Turbanov has updated the pull request incrementally with one
> additional commit sin
On Wed, 22 Sep 2021 22:48:32 GMT, Smita Kamath wrote:
>> Performance dropped up to 10% for 1k data after 8267125 for CPUs that do not
>> support the new intrinsic. Tests run were crypto.full.AESGCMBench and
>> crypto.full.AESGCMByteBuffer from the jmh micro benchmarks.
>>
>> The problem is eac
On Thu, 23 Sep 2021 20:42:48 GMT, Andrey Turbanov
wrote:
> There are few places in code where manual `for` loop is used with Iterator to
> iterate over Collection.
> Instead of manual `for` cycles it's preferred to use enhanced-for cycle
> instead: it's less verbose, makes code easier to read
On Thu, 23 Sep 2021 20:31:16 GMT, Andrey Turbanov
wrote:
>> Usage of thread-safe collection Vector is unnecessary. It's recommended to
>> use ArrayList if a thread-safe implementation is not needed.
>
> Andrey Turbanov has updated the pull request incrementally with one
> additional commit sin
On Thu, 23 Sep 2021 20:42:48 GMT, Andrey Turbanov
wrote:
> There are few places in code where manual `for` loop is used with Iterator to
> iterate over Collection.
> Instead of manual `for` cycles it's preferred to use enhanced-for cycle
> instead: it's less verbose, makes code easier to read
On Fri, 24 Sep 2021 08:01:07 GMT, Daniel JeliĆski
wrote:
> The default list of providers defined in java.security file can be overridden
> with a custom file, declared with
> `-Djava.security.properties=/path/to/custom.security` command line parameter.
> If the new list of providers is shorter
On Thu, 23 Sep 2021 16:52:07 GMT, Alexey Bakhtin wrote:
> The code change handles KDC_ERR_SVC_UNAVAILABLE error code (29) received from
> KDC and resends the initial request to the next KDC in the list. It aligns
> error code handling with the MIT Kerberos implementation.
> sun/security/krb5 te
On Fri, 24 Sep 2021 05:33:46 GMT, Alexey Bakhtin wrote:
>> The code change handles KDC_ERR_SVC_UNAVAILABLE error code (29) received
>> from KDC and resends the initial request to the next KDC in the list. It
>> aligns error code handling with the MIT Kerberos implementation.
>> sun/security/krb
On Thu, 23 Sep 2021 20:42:48 GMT, Andrey Turbanov
wrote:
> There are few places in code where manual `for` loop is used with Iterator to
> iterate over Collection.
> Instead of manual `for` cycles it's preferred to use enhanced-for cycle
> instead: it's less verbose, makes code easier to read
The default list of providers defined in java.security file can be overridden
with a custom file, declared with
`-Djava.security.properties=/path/to/custom.security` command line parameter.
If the new list of providers is shorter than the original one, it is necessary
to add an empty entry to te
25 matches
Mail list logo
