Re: [concurrency-interest] ThreadLocalRandom clinit troubles

2014-07-14 Thread Bernd
() (which nobody uses?!) did not improve things IMHO. Bernd PS: I think the webrev changed since then, but the mail from Brad describes the problem well: http://mail.openjdk.java.net/pipermail/security-dev/2013-January/006288.html On 14.07.2014 21:05, "Oleksandr Otenko" wrote: >

Linux getrandom() support

2014-10-05 Thread Bernd
avoid problems when the dev files are missing in some container/virtualisation systems. Greetings Bernd

Re: Linux getrandom() support

2014-10-06 Thread Bernd
specify GRND_RANDOM) but still only get bytes if the machine was seeded at boot (and block or fail in those cases). Greetings Bernd 2014-10-06 18:26 GMT+02:00 Bradford Wetmore : > > Worth looking into, but no plans at the moment. > > Do you have a link? > > Brad > > > >

disabled SSL3 not reflected in "supported protocols"

2015-01-27 Thread Bernd
r backward compatibility). Regards, Bernd PS: test code: //Security.setProperty("jdk.tls.disabledAlgorithms", ""); System.out.printf("%s %s jdk.tls.disabledAlgorithms=%s%n", System.getProperty("java.version", "?"),

DH Key sizes (again)

2015-03-24 Thread Bernd
sends even 6k and 8k (standard) primes. I see a comment in the source that the DH provider needs to be improved to actually handle those. So I wonder if there are any plans for this? Is there a good way to request it? Would filing an RFE on bugreport.java.com be the right place? Regards, Bernd

[TLS-backport8] Does TLSv1.3 work with www.google.com

2020-08-10 Thread Bernd
.+ 0010: AE 99 7D 3C 30 08 F4 00 F3 B0 A9 17 DE 0E B1 16 ...<0... 0020: 0D 45 46 87 42 B0 83 68 FB 15 E9 79 D2 40 8C DA .EF.B..h...y.@.. 0030: 38 FF 76 52 1D 40 10 A0 BE 39 75 8B 79 F0 CD A1 8.vR.@ ...9u.y... 0040: E1 } }, ] } ] } ) ... javax.net.ssl|FINE|01|main|2020-08-11 01:45:23.288 CEST|Logger.java:765|Received alert message ( "Alert": { "level" : "fatal", "description": "protocol_version" } ) Regards, Bernd

ldap.mechsAllowedToSendCredentials - only SASL?

2020-10-21 Thread Bernd
"secure" mechanisms like DIGEST-MD5 or different methods like GSSAPI or SIMPLE? Gruss Bernd

Re: ldap.mechsAllowedToSendCredentials - only SASL?

2020-10-21 Thread Bernd
ECURITY_PRINCIPAL)) { Regards, Bernd On Wed, 21 Oct 2020 at 18:21, Bernd wrote: > Hello, > > I am looking at 11.0.9 PSU (as of Zulu 11.43-sa) about the CVE-2020-14781 > / JDK-8237990 fix and try to understand if my customers might be > affected. > > jdk.jndi.ldap.mechsAllo

Re: ldap.mechsAllowedToSendCredentials - only SASL?

2020-10-21 Thread Bernd
'mechsAllowedToSendCredentials' is set to any value via system/context environment properties+if (!isConnectionEncrypted() && (contextSeenStartTlsEnabled || anyPropertyIsSet)) { On Wed, 21 Oct 2020 at 19:26, Bernd wrote: > BTW: the security patch looks like "simple" is s

Re: Design review: JEP 273: DRBG-Based SecureRandom Implementations

2015-11-09 Thread Bernd
DrbgSpec: A DRBG will be reseeded automatically BTW: some places specify "optional"; should this be defined as "empty byte array or null"? Regards, Bernd On Mon, 9 Nov 2015 21:04, Wang Weijun wrote: > Hi All > > The following is API/SPI to support NIST 800-90A DRB

Lets encrypt in root program

2016-02-17 Thread Bernd
or it: https://community.letsencrypt.org/t/will-the-cross-root-cover-trust-by-the-default-list-in-the-jdk-jre/134/10 In that thread it is mentioned that there is an application for the Oracle root cert program, so hopefully it's just a matter of short time? Does it help to nag? :) Regards, Bernd

JDK-8133634 ava gets SunMSCAPI entry as TrustedCertificateEntry instead of PrivateKeyEntry

2017-03-01 Thread Bernd
plication. (And I guess it would solve a few of the problems with alternative sign formats, with unavailable smartcard stubs etc.) So any idea if we see CNG support any time soon? It is available since Vista. Regards, Bernd PS: can somebody extend the JIRA with my research (attribution welcome).

Generate Keypairs with strong prng provider (SHA1PRNG)

2017-03-16 Thread Bernd
://hg.openjdk.java.net/jdk9/jdk9/jdk/file/c95ebfceb394/src/java.base/share/classes/sun/security/tools/keytool/CertAndKeyGen.java#l150 Is it really acceptable for long term keys this way? (I guess no answer means no :) Would it be possible to bump the security level for keytool in 9? Regards, Bernd

NTNumericCredential of the NTLoginModule JAAS module

2017-04-24 Thread Bernd
) authentication. Does anybody know how this can be used or how it was used? The UnixSystem/UnixLoginModule counterpart does not have this provision. And generally, is there a good use for the NTLoginModule; how would it be used to actually enforce access control? Regards, Bernd

Re: [9] RFR: 8180307: Add new JDK 9 Required Algorithms to Cipher class

2017-05-12 Thread Bernd
Is the PKCS5 Padding a real padding with GCM or only an ignored alias? If it is an alias, should it be documented here? 2017-05-12 19:59 GMT+02:00 Sean Mullan : > A couple of new required algorithms for JDK 9 were accidentally omitted > for the Cipher class as part of JDK-8015388. Docs only chang

ECC Key Usage ignored with and ECDH(E) ciphers

2017-05-23 Thread Bernd
is also apply to client side? I have not tested it with RSA certificates, but I would expect this to be the same. Regards, Bernd PS: config file and openssl commands to create multiple ECC certificates used for this test: https://gist.github.com/ecki/d66d79bf0cf12872d015804f5edec6e4

Stricter Public Key checking corrupts JKS

2017-06-09 Thread Bernd
I noticed there is a bug (8177657, etc.) about stricter DER checking in the JDK Certificate code. I have a JKS Keystore which can no longer be opened because of that. I understand that the strict parsing has to stay for public keys, however I wonder if anything can be done about loading the other keys

Untranslated common (ZIPCode OID.2.5.4.17) attribute

2017-06-10 Thread Bernd
/53142e39bfa7/src/java.base/share/classes/sun/security/x509/AVA.java Regards, Bernd

Re: Stricter Public Key checking corrupts JKS

2017-06-14 Thread Bernd
in, I will test that later on. Regards, Bernd 2017-06-12 13:29 GMT+02:00 Sean Mullan : > Hi Bernd, > > This issue should be fixed in 8u131. Can you try that and let us know? > > --Sean > > > On 6/9/17 10:18 PM, Bernd wrote: > >> I noticed there is a bug (8177

Re: [10] RFR: 8182388: Backout 8182143

2017-06-16 Thread Bernd
I think the new bug description is backward, as you cannot expect to implement all algorithms in all providers or use a key class from one provider in another (especially not if they use mechanisms in external APIs like PKCS11 or MSCAPI with HSM). "Crypto keys should be compatible between security

jar verification regression Oracle 8u141

2017-07-19 Thread Bernd
sections like that, like before. Regards, Bernd

Re: jar verification regression Oracle 8u141

2017-07-19 Thread Bernd
Hello, one more thing: 2017-07-19 14:01 GMT+02:00 Bernd : > I think different jarsigner versions behave differently, some remove that > section. > It is actually not "different jarsigner versions", but we have our own jar signer implementation (used for self signed test

Re: RFR 8183591: Incorrect behavior when reading DER value with Integer.MAX_VALUE length

2017-07-20 Thread Bernd
. Regards, Bernd 2017-07-20 15:49 GMT+02:00 Adam Petcher : > Oops. Better to throw an IOException when a negative length is given to > readFully. > > Webrev: http://cr.openjdk.java.net/~apetcher/8183591/webrev.02/ > > > > On 7/18/2017 1:55 PM, Adam Petcher wrote: > >&

java.security still talks about "limited" as default

2017-11-13 Thread Bernd
es of where limited would be needed? Regards, Bernd

sunrsasign.jar still searched in java 8?

2018-01-19 Thread Bernd
.net/jdk8u/jdk8u/hotspot/file/tip/src/share/vm/runtime/os.cpp#l1197 Regards, Bernd

provider registration

2018-02-28 Thread Bernd
works, BCProv is not yet modularized or service loader enabled. Classpath and programmatic registration works fine). Is that correct? Regards, Bernd

Re: RFR: 8280494: (D)TLS signature schemes

2022-01-27 Thread Bernd
On Thu, 27 Jan 2022 22:06:21 GMT, Xue-Lei Andrew Fan wrote: > This update is to support signature schemes customization for individual > (D)TLS connection. Please review the CSR as well: > CSR: https://bugs.openjdk.java.net/browse/JDK-8280495 > RFE: https://bugs.openjdk.java.net/browse/JDK-8280

Re: RFR: 8280494: (D)TLS signature schemes [v4]

2022-01-29 Thread Bernd
On Sat, 29 Jan 2022 05:31:08 GMT, Xue-Lei Andrew Fan wrote: >> src/java.base/share/classes/javax/net/ssl/SSLParameters.java line 763: >> >>> 761: >>> 762: String[] tempSchemes = signatureSchemes.clone(); >>> 763: for (String scheme : tempSchemes) { >> >> In addition to this loo

Re: RFR: JDK-6782021: It is not possible to read local computer certificates with the SunMSCAPI provider

2022-04-26 Thread Bernd
On Tue, 12 Apr 2022 19:03:40 GMT, Mat Carter wrote: > On Windows you can now access the local machine keystores using the strings > "Windows-MY-LOCALMACHINE" and "Windows-ROOT-LOCALMACHINE"; note the > application requires admin privileges. > > "Windows-MY" and "Windows-ROOT" remain unchanged,

Re: RFR: JDK-6782021: It is not possible to read local computer certificates with the SunMSCAPI provider

2022-04-26 Thread Bernd
On Tue, 12 Apr 2022 19:03:40 GMT, Mat Carter wrote: > On Windows you can now access the local machine keystores using the strings > "Windows-MY-LOCALMACHINE" and "Windows-ROOT-LOCALMACHINE"; note the > application requires admin privileges. > > "Windows-MY" and "Windows-ROOT" remain unchanged,

Re: RFR: JDK-6782021: It is not possible to read local computer certificates with the SunMSCAPI provider

2022-04-26 Thread Bernd
On Wed, 27 Apr 2022 02:21:07 GMT, Bernd wrote: >> On Windows you can now access the local machine keystores using the strings >> "Windows-MY-LOCALMACHINE" and "Windows-ROOT-LOCALMACHINE"; note the >> application requires admin privileges. >> >>

JSSE Debug Log redirection

2020-11-03 Thread Bernd
ull log global null log ALL JUL close JUL close ... I get the same output with -Djava.net.debug=all and -Djava.net.debug. Looks like the SSLContextImpl or Dinished.java is always using its own logger with no way to register a handler? Regards, Bernd PS: the sample code is here: /* SPDX-License-Ide

Java and the NTFS Path weakness

2021-01-17 Thread Bernd
le names from untrusted user input (including uncompressing ZIP files). Regards, Bernd

Re: Java and the NTFS Path weakness

2021-01-18 Thread Bernd
)) will crash Windows immediately. I verified this on the latest Windows Server 2019 January Security Update. var bad = ".\\globalroot\\device\\condrv\\kernelconnect" Regards, Bernd On Mon, 18 Jan 2021 at 01:39, Bernd wrote: > Hello, > > you might have seen the
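The two messages above ask how Java code should treat file names that come from untrusted input, ZIP entry names in particular. The following is an added example, not code from the thread or from the JDK: a guard that rejects an archive entry name before it is ever used as a path. It refuses absolute, drive-letter, UNC and device-namespace names (`\\.\`, `\\?\`, a `globalroot` component), `..` traversal, NTFS alternate data streams (`:`) and Windows reserved device names, and finally checks that the resolved target still lies under the extraction root. The rule set is a conservative allow-list chosen for this example; it is not a complete description of what Windows path parsing accepts. The sample entry names in `main` are constructed here; the `globalroot` string is the one from Bernd's message and is only inspected, never opened.

```java
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.Set;

/**
 * Added example: guard untrusted archive entry names before extraction.
 * The rejection rules are a conservative allow-list chosen for this example.
 */
public final class EntryNameGuard {

    // Windows reserved device names; "NUL.txt" still refers to the device.
    private static final Set<String> RESERVED = Set.of(
        "CON", "PRN", "AUX", "NUL",
        "COM1", "COM2", "COM3", "COM4", "COM5", "COM6", "COM7", "COM8", "COM9",
        "LPT1", "LPT2", "LPT3", "LPT4", "LPT5", "LPT6", "LPT7", "LPT8", "LPT9");

    /**
     * Returns the target path for entryName under extractRoot, or throws
     * IllegalArgumentException if the name must not be used as a file name.
     */
    public static Path safeTarget(Path extractRoot, String entryName) {
        if (entryName == null || entryName.isEmpty()) {
            throw new IllegalArgumentException("empty entry name");
        }
        // Treat backslashes as separators so Windows-style names are checked
        // identically on every platform.
        String n = entryName.replace('\\', '/');

        if (n.startsWith("/")) {
            // Absolute paths, and (since "\\" became "//") UNC names and the
            // device namespaces "\\.\", "\\?\" and "\??\".
            throw new IllegalArgumentException("absolute, UNC or device path: " + entryName);
        }
        if (n.length() >= 2 && Character.isLetter(n.charAt(0)) && n.charAt(1) == ':') {
            throw new IllegalArgumentException("drive-letter path: " + entryName);
        }
        if (n.indexOf(':') >= 0) {
            // NTFS alternate data stream syntax ("file.txt:hidden").
            throw new IllegalArgumentException("colon in name: " + entryName);
        }
        for (String part : n.split("/")) {
            if (part.equals("..")) {
                throw new IllegalArgumentException("parent traversal: " + entryName);
            }
            String base = part.toUpperCase(Locale.ROOT);
            int dot = base.indexOf('.');
            if (dot > 0) {
                base = base.substring(0, dot); // strip extension: "NUL.LOG" -> "NUL"
            }
            if (base.equals("GLOBALROOT") || RESERVED.contains(base)) {
                throw new IllegalArgumentException(
                    "reserved or device component '" + part + "': " + entryName);
            }
        }
        // Classic zip-slip check: the normalized target must stay under the root.
        Path root = extractRoot.toAbsolutePath().normalize();
        Path target = root.resolve(n).normalize();
        if (!target.startsWith(root)) {
            throw new IllegalArgumentException("escapes extraction root: " + entryName);
        }
        return target;
    }

    public static void main(String[] args) {
        Path root = Path.of("extract");
        // Constructed sample entry names; the fourth is the string from the thread.
        List<String> names = List.of(
            "docs/readme.txt",
            "../../etc/passwd",
            "C:\\Windows\\win.ini",
            ".\\globalroot\\device\\condrv\\kernelconnect",
            "\\\\.\\PhysicalDrive0",
            "report.pdf:payload",
            "logs/NUL.log");
        List<String> accepted = new ArrayList<>();
        for (String name : names) {
            try {
                accepted.add(safeTarget(root, name).toString());
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
        System.out.println("accepted: " + accepted); // only docs/readme.txt survives
    }
}
```

Run it as `java EntryNameGuard.java` (JDK 11 or later). Because the check works on the raw string rather than on a platform `Path`, it gives the same verdict whether the archive is unpacked on Windows or on Linux, which is what you want when the same server code handles uploads for both.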

Add CBC and DHE to legacy ciphers (avoid cipher order)?

2021-08-19 Thread Bernd
changed if minsize 2048 is set and/or if size agreement is in place. Regards, Bernd

Re: RFR: 8267108: Alternate Subject.getSubject and doAs APIs that do not depend on Security Manager APIs [v2]

2021-10-22 Thread Bernd
On Sat, 23 Oct 2021 00:40:39 GMT, Weijun Wang wrote: >> New `Subject` APIs `current()` and `callAs()` are created to be replacements >> of `getSubject()` and `doAs()` since the latter two methods are now >> deprecated for removal. >> >> In this implementation, by default, `current()` returns t

Re: RFR: 8267108: Alternate Subject.getSubject and doAs APIs that do not depend on Security Manager APIs [v2]

2021-10-22 Thread Bernd
On Fri, 22 Oct 2021 22:00:57 GMT, Bernd wrote: >> Weijun Wang has updated the pull request incrementally with one additional >> commit since the last revision: >> >> renames > > src/java.security.jgss/share/classes/sun/security/jgss/krb5/Krb5Util.java > li

Re: RFR: 8267108: Alternate Subject.getSubject and doAs APIs that do not depend on Security Manager APIs [v2]

2021-10-25 Thread Bernd
On Mon, 25 Oct 2021 17:58:15 GMT, Weijun Wang wrote: >> src/java.base/share/classes/javax/security/auth/Subject.java line 325: >> >>> 323: >>> 324: // Store the current subject to a ThreadLocal when a system >>> property is set. >>> 325: private static final boolean USE_TL = "true".equ

Re: RFR: 8267108: Alternate Subject.getSubject and doAs APIs that do not depend on Security Manager APIs [v2]

2021-10-25 Thread Bernd
On Mon, 25 Oct 2021 18:08:19 GMT, Weijun Wang wrote: >> src/java.security.jgss/share/classes/sun/security/jgss/krb5/Krb5Context.java >> line 708: >> >>> 706: @SuppressWarnings("removal") >>> 707: final Subject subject = >>> 708:

Re: Debuggability of failures in sun.security.rsa.RSASignature

2013-04-08 Thread Bernd Eckenfels
many situations it would be good to actually know about padding errors). Bernd -- http://bernd.eckenfels.net

Re: Code review request: 8009636: JARSigner including TimeStamp PolicyID (TSAPolicyID) as defined in RFC3161

2013-04-11 Thread Bernd Eckenfels
Should the comment describe the expected OID format for the string (numeric only?) and mention a defining reference (RFC3161)? I haven't found some sample OIDs used here; which are common? BTW: why is it linked to the URL? Bernd -- bernd.eckenfels.net On 12.04.2013 at 02:34, Weijun wrote

Re: Ignore SSL server_name extension alerts (Bug 7127374)

2013-04-15 Thread Bernd Eckenfels
Hello, will answer in detail, but just to make sure people are not confused: the TSA seems to be fixed meanwhile. Regards, Bernd -- bernd.eckenfels.net On 15.04.2013 at 05:40, Xuelei Fan wrote: > On 1/21/2013 7:25 AM, Bernd Eckenfels wrote: >> Hello, >> >> quite some time

Re: Code review request, 7188658 Add possibility to disable client initiated renegotiation

2013-05-29 Thread Bernd Eckenfels
). Bernd -- bernd.eckenfels.net On 29.05.2013 at 17:39, Xuelei Fan wrote: > Hi, > > This fix is an enhancement to add the ability in JSSE server side to > reject client initialized renegotiation. > > webrev: http://cr.openjdk.java.net/~xuelei/7188658/webrev.00/ > > Thanks, > Xuelei

Re: Code review request, 7188658 Add possibility to disable client initiated renegotiation

2013-05-29 Thread Bernd Eckenfels
. I was expecting 7188658 to address another point, but I might be wrong. I understand that as of Oracle policy we cannot discuss it. Even if this is a very well known issue. :-/ Greetings Bernd -- http://bernd.eckenfels.net Date Created: Mon Nov 12 12:13:08 MST 2012 Type:bug Customer Name

Re: hg: jdk8/tl/jdk: 8019224: add exception chaining to RMI CGIHandler

2013-06-27 Thread Bernd Eckenfels
you want to output the stack trace, it should be done inside those two handlers. BTW: is somebody really using this? Greetings Bernd On 27.06.2013, 22:33, wrote: Changeset: 6729f7ef94cd Author:smarks Date: 2013-06-27 13:35 -0700 URL: http://hg.openjdk.java.net/jdk8/tl

Re: Code review request, 7188658 Add possibility to disable client initiated renegotiation

2013-06-27 Thread Bernd Eckenfels
all ciphersuites after initial handshake). You don't need to add code if you don't offer more (i.e. ignore) options. Greetings Bernd PS: and regarding the naming a question, is "JSSE" the name of the Sun implementation or of the Specification? -- http://bernd.eckenfels.net

Re: TLS extension needed for HTTP/2.0

2013-07-25 Thread Bernd Eckenfels
clear SPI for SSLSocket and the java package namespace makes it necessary to actually touch all classes to get them compiled in parallel to a normal JDK. Regards, Bernd On 25.07.2013, 16:15, Zhong Yu wrote: Hi, can someone shed some light on the questions? Any information will be greatly

Re: hg: jdk8/tl/jdk: 8020854: change RMI javadocs to specify that remote objects are exported to the wildcard address

2013-08-05 Thread Bernd Eckenfels
preferred family different from that. So it is better to use the literal returned by that function. (or remove this from javadoc). Bernd

Re: There should be a way to reorder the JSSE ciphers

2013-08-06 Thread Bernd Eckenfels
an SSL implementation needs more than an ordered list, so it would do something implementation dependent anyway, why would one need a standardized boolean in addition? Bernd

Re: There should be a way to reorder the JSSE ciphers

2013-08-06 Thread Bernd Eckenfels
cify the strategy. This option name can be standardized and others then can pick it up as well. You could even specify "RFC" and "ServerOrder" as the two mandatory supported options. Greetings Bernd

Re: There should be a way to reorder the JSSE ciphers

2013-08-07 Thread Bernd Eckenfels
provider specific algorithms, Integers would only work with a registry. Strings are self describing enough to go without a registry (if you want to be safe you could use URIs like XML Parser params/features). Regards, Bernd -- http://bernd.eckenfels.net

Re: There should be a way to reorder the JSSE ciphers

2013-08-07 Thread Bernd Eckenfels
don't know about bugs which allow to negotiate disabled ciphers. Picking suboptimal ciphers from the point of view of the server operator can of course still happen with a short(er) list. It would be good if JDK JSSE can provide a different selector strategy. Regards, Bernd

Re: hg: jdk8/tl/jdk: 8019853: Break logging and AWT circular dependency

2013-09-06 Thread Bernd Eckenfels
if (javaAWTAccess == null) { return null; } return javaAWTAccess; Greetings Bernd

Re: [8] Review Request for 8007292 : Add JavaFX internal packages to package.access

2013-10-10 Thread Bernd Eckenfels
me virtual filesystems do a lot of commit work on close. So typically you add a close inside the try as well. Greetings Bernd On 10.10.2013, 04:36, Joseph Darcy wrote: It is a hazard (I thought I had published a blog entry on this very topic, but apparently not). The most robust

JNLP with unsigned resources is no longer loaded with SunJDK 7U45

2013-10-15 Thread Bernd Eckenfels
begin with complain :) Regards, Bernd java.lang.SecurityException: com.sun.deploy.net.JARSigningException: Unsigned entry found in resource: http://localhost:1/sjar at com.sun.deploy.cache.CacheEntry.getJarFile(Unknown Source) at

Re: JNLP with unsigned resources is no longer loaded with SunJDK 7U45

2013-10-16 Thread Bernd Eckenfels
On 16.10.2013, 05:01, Bernd Eckenfels wrote: java.lang.SecurityException: com.sun.deploy.net.JARSigningException: Unsigned entry found in resource: http://localhost:1/sjar I was checking if deployment rules would help me here. But if I create a run-rule for this

Re: InvocationTargetException when running applet locally

2013-10-17 Thread Bernd Eckenfels
ained here for example: http://www.duckware.com/tech/java-security-clusterfuck.html) Greetings Bernd

Re: InvocationTargetException when running applet locally

2013-10-18 Thread Bernd Eckenfels
t tag) and it did not help. This version is really bad :-/ Bernd -- http://bernd.eckenfels.net

Re: InvocationTargetException when running applet locally

2013-10-18 Thread Bernd Eckenfels
HTML has become much more powerful lately. This "situation" (and I don't blame Oracle, it started in Sun times) really kills Java on the Desktop. Regards, Bernd -- http://bernd.eckenfels.net

Re: RFR: JDK-8027624 - com/sun/crypto/provider/KeyFactory/TestProviderLeak.java unstable again

2013-10-31 Thread Bernd Eckenfels
using File.newDirectoryStream of NIO.2 Regards, Bernd -- http://bernd.eckenfels.net

qualified host parameter for UnknownHostException? (was: hg: jdk8/tl/jdk: 8028074: InetAddress.getByName fails with UHE "invalid IPv6 address" if host name starts with a-f)

2013-11-08 Thread Bernd Eckenfels
, String host, String osError) would be really useful? Regards, Bernd -- http://bernd.eckenfels.net

SHA-1 correctness and speed

2013-11-15 Thread Bernd Eckenfels
Digest.SHA-1 -> org.bouncycastle.jce.provider.JDKMessageDigest$SHA1 aliases: [SHA1, SHA, 1.3.14.3.2.26] Digest:SHA-1 Message Digest from BC 275951648768bytes x nul hash=6938f23e29e7d3dcd100d0ed2df9d6593113718f in 9275,935s That is 35MiB/s vs. 28MiB/s vs. openssl 57MiB/s Bernd * cygwin dd

Re: 8029904: Remove com.sun.security.auth.callback.DialogCallbackHandler

2013-12-10 Thread Bernd Eckenfels
$PasswordCallbackHandler, this inner class access to the password field is quite confusing. (I guess one could file a cleanup RFE for both issues instead as well.) Regards, Bernd On 10.12.2013, 17:46, Alan Bateman wrote: DialogCallbackHandler is the sample Swing based CallbackHandler in the JDK-specific API to

RSA blinding

2013-12-19 Thread Bernd Eckenfels
suggest that the ciphertext randomization from Tsuyoshi Takagi to be used. BC has an RSA blinding implementation, but mostly concerned with using it for blind signatures. When blinding is only used to add randomness it would not require parameters to be configured. Greetings Bernd -- http

Re: Code review request, 8028518, Increase the priorities of GCM cipher suites

2014-01-03 Thread Bernd Eckenfels
nd configure the list accordingly. The default can then be more practically oriented. Greetings Bernd -- http://bernd.eckenfels.net

FYI: ssl ciphers (howsmyssl.com)

2014-02-15 Thread Bernd Eckenfels
one_splitting":false, "insecure_cipher_suites":{}, "tls_version":"TLS 1.2", "rating":"Improvable"} Not sure what contributes to improvable, I guess the absence of session ticket support is the major point here. We talked about the sequence of ciphers before. Anyway, as I read here: https://blogs.oracle.com/java-platform-group/entry/java_8_will_use_tls "PFS is not enabled by default", but the cipher list looks otherwise? (which I think is good), But, I am not sure why TLS_RSA_WITH_AES_128_CBC_SHA256 is higher prioritized than TLS_DHE_RSA_WITH_AES_128_CBC_SHA256? Greetings Bernd PS: https://github.com/ecki/JavaCryptoTest/blob/master/src/main/java/net/eckenfels/test/howsmyssl/Client.java

Re: CipherInputStream for AEAD modes is insecure (GCM, etc.): ciphertext tampering without detection possible

2014-03-04 Thread Bernd Eckenfels
nition make sure to read till the end and check the close(). Bernd BTW: thanks Florian for mentioning that it might not be a good idea to uncompress unverified data. (But this point does not make me happy from a streaming perspective :)

Re: CipherInputStream for AEAD modes is insecure (GCM, etc.): ciphertext tampering without detection possible

2014-03-06 Thread Bernd Eckenfels
ding and authentication exceptions in the Javadoc. Greetings Bernd

Re: CipherInputStream for AEAD modes is insecure (GCM, etc.): ciphertext tampering without detection possible

2014-03-06 Thread Bernd Eckenfels
Hello Matthew, List, On Thu, 6 Mar 2014 15:44:27 -0800, Matthew Hall wrote: > On Thu, Mar 06, 2014 at 10:01:57PM +0100, Bernd Eckenfels wrote: > > My thinking was, that the "streamed" mode is useful, but the > > "secure" mode is also useful. At least for B
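Bernd's advice in the messages above (read the stream to the end and check `close()`) is easy to get wrong because `CipherInputStream` hands back decrypted bytes before the GCM tag has been verified; the tag is only checked when `doFinal()` runs at end of stream. The following is an added example, not code from the thread or from the JDK, that makes this visible: it encrypts a constructed message with AES/GCM, flips one ciphertext byte, and decrypts through `CipherInputStream` while reading to EOF. On a JDK with the fix discussed in this thread the tampered stream ends in an `IOException` whose cause is the tag failure; on the pre-fix behaviour the thread's subject describes, the bad plaintext would have been returned without any error, which is why the `NOT DETECTED` branch exists.

```java
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;

/** Added example: AES/GCM through CipherInputStream, showing where tampering surfaces. */
public final class GcmStreamTamperDemo {

    private static final int TAG_BITS = 128;
    private static final int IV_BYTES = 12;

    /**
     * Decrypts the whole stream. The returned plaintext is only trustworthy
     * because this method reads until EOF and closes the stream: both steps
     * are needed to force doFinal() and hence the tag check.
     */
    static byte[] decryptAll(SecretKey key, byte[] iv, byte[] ciphertext)
            throws GeneralSecurityException, IOException {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        ByteArrayOutputStream plain = new ByteArrayOutputStream();
        try (InputStream in = new CipherInputStream(new ByteArrayInputStream(ciphertext), c)) {
            byte[] buf = new byte[4096];
            int n;
            // Bytes returned here are still unauthenticated. A consumer that acts
            // on them before EOF (e.g. an unzip stage) is acting on unverified data.
            while ((n = in.read(buf)) != -1) {
                plain.write(buf, 0, n);
            }
        }
        return plain.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();
        byte[] iv = new byte[IV_BYTES];
        new SecureRandom().nextBytes(iv);

        // Constructed sample plaintext.
        byte[] msg = "transfer 10 EUR to account 42".getBytes(StandardCharsets.UTF_8);
        Cipher enc = Cipher.getInstance("AES/GCM/NoPadding");
        enc.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = enc.doFinal(msg); // ciphertext || 16-byte tag

        System.out.println("intact   : "
            + new String(decryptAll(key, iv, ct), StandardCharsets.UTF_8));

        // Flip one bit inside the ciphertext body; the tag is left untouched.
        byte[] tampered = ct.clone();
        tampered[9] ^= 0x01;
        try {
            byte[] out = decryptAll(key, iv, tampered);
            System.out.println("NOT DETECTED (pre-fix CipherInputStream behaviour): "
                + new String(out, StandardCharsets.UTF_8));
        } catch (IOException e) {
            // Fixed JDKs wrap the AEADBadTagException from doFinal() in an IOException.
            System.out.println("tampered : rejected at EOF, cause = " + e.getCause());
        }
    }
}
```

The design point for callers is that the decision "plaintext is authentic" can only be made after `read()` has returned -1 (or `close()` has run) without throwing; anything written downstream before that point has to be treated as provisional and discarded on error.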

Re: Review Request of JDK 9 Enhancement Proposal: AEAD/CCM Cipher Mode

2014-03-24 Thread Bernd Eckenfels
On Mon, 24 Mar 2014 16:13:17 -0700, "Valerie (Yu-Ching) Peng" wrote: > > Here is the enhancement proposal for adding CCM cipher mode support > to JDK. For details, please refer to the following JEP: > > http://cr.openjdk.java.net/~valeriep/8008342/jepCCM.txt > > Comments or feedback welcome.

Re: Review request: 8040059 Change default policy for extensions to no permission

2014-04-22 Thread Bernd Eckenfels
to ship the JAR only in a dir where they CAN be added to the classpath, but are not by default (similar to javadb/derby). Regards, Bernd On Tue, 22 Apr 2014 12:39:57 -0700, Mandy Chung wrote: > This change proposes to remove granting all permissions for > extensions as the default and impl

Get intermediate MessageDigest state?

2014-05-22 Thread Bernd Eckenfels
Bernd

Locking/Singleton in JCAUtil

2014-05-22 Thread Bernd Eckenfels
lic static SecureRandom getSecureRandom() { return secureRandom; } WDYT? Regards, Bernd

Re: Locking/Singleton in JCAUtil

2014-05-22 Thread Bernd Eckenfels
And just a followup: it is interesting to note, that this Utility is still used as default random source for Key Generators and DSA Signatures. I would expect those need to refer to SecureRandom.getInstanceStrong() instead? (the string instance getter is nowhere used?) Bernd

Re: Get intermediate MessageDigest state?

2014-05-22 Thread Bernd Eckenfels
ely. My problem is, that I need to serialize the state to a database or file. The problem about the non-clone support is not a big problem for me, as I can select a well known provider. Greetings Bernd

Re: Get intermediate MessageDigest state?

2014-05-22 Thread Bernd Eckenfels
y. Yes, I have the need to persist the partial state in a database. So I would need to get the actual state bytes. In some cases I can use the clone() and it's also not a big problem to request providers which are known to be Cloneable. Greetings Bernd
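The thread above settles on `clone()` as the only portable way to look at an intermediate `MessageDigest` value: the JCA exposes no raw state bytes, so a clone gives you a snapshot within the same JVM but nothing you could store in a database. The following is an added example, not code from the thread or from the JDK, showing that pattern: it hashes two constructed chunks, takes an intermediate digest after the first without disturbing the running instance, and cross-checks both values against one-shot digests. `peek()` returns `null` when the provider's implementation is not `Cloneable`, which is the case Bernd says he can avoid by picking a known provider.

```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;

/** Added example: intermediate digest values via MessageDigest.clone(). */
public final class IntermediateDigest {

    static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder(b.length * 2);
        for (byte x : b) {
            sb.append(String.format("%02x", x));
        }
        return sb.toString();
    }

    /**
     * Returns the digest of everything fed to md so far WITHOUT resetting or
     * advancing md, or null if the provider implementation is not Cloneable.
     */
    static byte[] peek(MessageDigest md) {
        try {
            return ((MessageDigest) md.clone()).digest(); // digest() finalizes the clone only
        } catch (CloneNotSupportedException e) {
            return null; // caller must fall back (e.g. re-hash from the start)
        }
    }

    static byte[] concat(byte[] a, byte[] b) {
        byte[] out = Arrays.copyOf(a, a.length + b.length);
        System.arraycopy(b, 0, out, a.length, b.length);
        return out;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Constructed sample data standing in for two chunks of a large upload.
        byte[] part1 = "first chunk of a large upload, ".getBytes();
        byte[] part2 = "second chunk arriving later".getBytes();

        MessageDigest running = MessageDigest.getInstance("SHA-256");
        running.update(part1);

        byte[] afterPart1 = peek(running); // snapshot; 'running' keeps its state
        running.update(part2);
        byte[] full = running.digest();

        if (afterPart1 == null) {
            System.out.println("provider does not support clone(); no intermediate value");
            return;
        }

        // Cross-checks: the snapshot equals a fresh digest of part1, and peeking
        // did not reset or advance the running digest.
        byte[] expectedPart1 = MessageDigest.getInstance("SHA-256").digest(part1);
        byte[] expectedFull = MessageDigest.getInstance("SHA-256").digest(concat(part1, part2));

        System.out.println("after part1   : " + hex(afterPart1));
        System.out.println("matches fresh : " + Arrays.equals(afterPart1, expectedPart1));
        System.out.println("final matches : " + Arrays.equals(full, expectedFull));
    }
}
```

The snapshot lives only as long as the JVM does; to resume a hash after a restart you still need either provider-specific access to the internal state or a re-hash of the data already seen, which is exactly the limitation the thread is about.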

AW: Trusted service?

2014-08-13 Thread Bernd Eckenfels
Just a BTW: It would be really cool to have an SPI interface for that, so people who need SRP, CCM or shared secret handshakes (or stuff like NPN?) don't need to use a third party SSL engine. -- http://bernd.eckenfels.net - Original message - From: "Wang Weijun" Sent: 13.08

Re: Please review CR 8048356 Secure Random provider tests

2014-08-27 Thread Bernd Eckenfels
secure random getter as well? What about testing the sorting logic (based on the egd url property)? I think this is still implemented, even with the different seeding modes for Native. Regards, Bernd -- http://bernd.eckenfels.net - Original message - From: "raghu k.nair"

Re: JEP Review Request: OCSP Stapling for TLS

2014-09-02 Thread Bernd Eckenfels
could work around by constructing the client socket with no hostname, but I really wish both features could be controlled dynamically. Greetings Bernd On Tue, 02 Sep 2014 14:15:45 -0700, Jamil Nimeh wrote: > Hello all, > > The draft JEP "OCSP Stapling for TLS" has been ope

NoSuchMethod in 9ea-b30 getRawHostnameSE

2014-09-16 Thread Bernd Eckenfels
ersion, is this before or after the modular split? The latest code does not seem to match the stacktrace: http://hg.openjdk.java.net/jdk9/jdk9/jdk/file/40c3a5ce8047/src/java.base/share/classes/sun/security/ssl/ClientHandshaker.java Regards, Bernd

Re: [undertow-dev] NoSuchMethod in 9ea-b30 getRawHostnameSE

2014-09-17 Thread Bernd Eckenfels
painful and keep Java as recent as protocol support as one would expect. (And sorry for the "false" alert, rory :) Regards, Bernd On Wed, 17 Sep 2014 12:14:05 +1000, Stuart Douglas wrote: > This is because Undertow is testing SPDY and HTTP2, which use Jetty > ALPN. This ja

Re: JDK-8039921: SHA1WithDSA with key > 1024 bits not working

2014-09-18 Thread Bernd Eckenfels
protocols which have different needs and threat scenarios. Crypto primitives should stay away from that policing. Regards, Bernd On Fri, 19 Sep 2014 09:56:02 +0900, Atsuhiko Yamanaka wrote: > Hi, > > Thank you for your quick response, > > On Fri, Sep 19, 2014 at 9:04 AM, Valeri

endpoint identification algorithm, only in "1.2"?

2014-10-08 Thread Bernd Eckenfels
king and truststore, right? (so I better customize the ExtendedX509TrustManager for checks in addition to the normal checks, right?) * http://hg.openjdk.java.net/jdk9/jdk9/jdk/file/21568031434d/src/java.base/share/classes/sun/security/ssl/X509TrustManagerImpl.java#l454 Greetings Bernd

ssl clients (poodle)

2014-10-22 Thread Bernd Eckenfels
which cannot be circumvented (i.e. works with all requested protocols and even when enable is called). (and maybe jdk.tls.*.cipher.blacklist as well) Besides that, any news on the FALLBACK_SCSV patch from Florian? Regards, Bernd

TLS hostname verifier: reverse resolves peer addresses?

2014-11-02 Thread Bernd Eckenfels
I actually wanted to make sure hostname verification is not skipped, no matter how I configure it). Regards, Bernd (*) https://github.com/ecki/JavaCryptoTest/blob/master/src/main/java/net/eckenfels/test/howsmyssl/Client.java#L31

Re: A fully fledged TLS Extensions API ?

2014-11-10 Thread Bernd Eckenfels
not bound to the providers, but to the actual primitive needed (like AES GCM). Regards, Bernd On Mon, 10 Nov 2014 14:28:44 +0100, Simone Bordet wrote: > Hi, > > On Mon, Nov 10, 2014 at 2:07 PM, Florian Weimer > wrote: > > On 11/07/2014 02:06 PM, Simone Bordet wrote: > >

Re: URLStreamHandler.getHostAddress() performance

2014-11-25 Thread Bernd Eckenfels
don't think this is needed, InetAddress does synchronisation itself (InetAddress.getAddressFromNameService() is used inside synchronized(cacheLock)). Regards, Bernd On Tue, 25 Nov 2014 22:13:10 +0800, Wang Weijun wrote: > > > On Nov 25, 2014, at 20:55, Tom Hawtin wrote: > > >

Re: Is it reasonable to compare outputs between JMH and hprof?

2014-12-03 Thread Bernd Eckenfels
That does tell all IMHO. Regards, Bernd On Thu, 4 Dec 2014 12:09:49 +0800, Wang Weijun wrote: > Hi All > > I am comparing the difference of SHA-1 and SHA-256. First I wrote a > JMH benchmark: > > @Benchmark > public void sig1(Blackhole bh) throws Exception { > bh.consume(s

Re: Detecting whether an algorithm is supported without creating one?

2014-12-11 Thread Bernd Eckenfels
Just get it and throw it away, it is easier than iterating the algorithms of the providers. > On 12.12.2014 at 05:02, Weijun Wang wrote: > > I'd like to check if "SHA-256" is supported without calling > MessageDigest.getInstance("SHA-256"). Does such a method exist? > > My case is a multi-t

constant time compare is not used anywhere important

2015-02-04 Thread Bernd Eckenfels
am not sure if an intrinsic applied here) Regards, Bernd PS: (I know, non-comment policy, but I don't really see a reason to embargo this. Java is hardly a good candidate for safe crypto (unfortunately).
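The message above is about where a constant-time byte comparison is (not) used. The following is an added example, not code from the thread or from the JDK, that puts the two choices side by side for the common case of verifying an HMAC tag: `Arrays.equals` returns at the first mismatching byte, so the time it takes depends on how many leading bytes of a forged tag happen to be right, while `MessageDigest.isEqual` in current JDKs examines every byte before answering. A hand-written equivalent is included for code that cannot rely on the JDK's implementation. Key and message are constructed sample values.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Arrays;

/** Added example: leaky vs. constant-time MAC tag comparison. */
public final class TagCompare {

    static byte[] hmacSha256(byte[] key, byte[] message) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(message);
    }

    /**
     * Leaky: Arrays.equals stops at the first differing byte, so an attacker
     * who can time this call learns how long a correct prefix the forged tag has.
     */
    static boolean verifyLeaky(byte[] key, byte[] message, byte[] tag)
            throws GeneralSecurityException {
        return Arrays.equals(hmacSha256(key, message), tag);
    }

    /** Preferred: MessageDigest.isEqual compares without an early exit. */
    static boolean verify(byte[] key, byte[] message, byte[] tag)
            throws GeneralSecurityException {
        return MessageDigest.isEqual(hmacSha256(key, message), tag);
    }

    /**
     * Hand-written equivalent: OR together the XOR of every byte pair so the
     * loop always runs to the end. Only the (public) length leaks.
     */
    static boolean constantTimeEquals(byte[] a, byte[] b) {
        if (a.length != b.length) {
            return false;
        }
        int diff = 0;
        for (int i = 0; i < a.length; i++) {
            diff |= a[i] ^ b[i];
        }
        return diff == 0;
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed sample key and message.
        byte[] key = "0123456789abcdef0123456789abcdef".getBytes(StandardCharsets.UTF_8);
        byte[] message = "amount=100&to=alice".getBytes(StandardCharsets.UTF_8);

        byte[] good = hmacSha256(key, message);
        byte[] forged = good.clone();
        forged[forged.length - 1] ^= 0x01; // correct except for the final byte

        System.out.println("genuine tag accepted      : " + verify(key, message, good));
        System.out.println("forged tag rejected       : " + !verify(key, message, forged));
        System.out.println("hand-written agrees       : "
            + constantTimeEquals(good, good) + " / " + !constantTimeEquals(good, forged));
        // Same verdicts, different timing profile: verifyLeaky would have compared
        // 31 matching bytes before noticing the last one.
        System.out.println("leaky variant (same result): " + !verifyLeaky(key, message, forged));
    }
}
```

The rule of thumb the example encodes: whenever one operand of a comparison is secret or derived from a secret (a MAC, a password hash, a session token), use `MessageDigest.isEqual` or an equivalent no-early-exit loop, never `Arrays.equals` or `String.equals`.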

skip-tls

2015-03-03 Thread Bernd Eckenfels
I know here on the list are people who are not all developers of the security components but care about Java security, so I guess it is fine to share that pointer here. Regards, Bernd

Re: TLS ALPN Proposal

2015-05-22 Thread Bernd Eckenfels
be an 8bit clean encoding (and will be compatible to all ASCII only strings). It is still ugly and needs to be documented cleanly that the string you get back might not be a string at all. Regards, Bernd

disabledAlgorithms "DHE keySize < 1024" support?

2015-05-22 Thread Bernd Eckenfels
there another way to do that? Regards, Bernd

Re: disabledAlgorithms "DHE keySize < 1024" support?

2015-05-23 Thread Bernd Eckenfels
I think this does not address the minimum accepted size of a client SSLSocket (at least I could not see that in the description). It only allows to configure the server generated groups in the ServerKeyExchange. When setting jdk.tls.ephemeralDHKeySize=2048 I still can connect to https://dhe512

Re: disabledAlgorithms "DHE keySize < 1024" support?

2015-05-23 Thread Bernd Eckenfels
miiar with the code, maybe you can point me to a place where the DHE size would be validated). Thinking about it, it might be possible to register an own Diffie-Hellman provider to enforce a limit, hm. Regards, Bernd

Re: disabledAlgorithms "DHE keySize < 1024" support?

2015-05-23 Thread Bernd Eckenfels
On Sat, 23 May 2015 17:18:07 +0200, Bernd Eckenfels wrote: > I searched the ClientHandshaker for usages of algorithmConstraints, > and it does not use it for the DHE part. It only questions > KEY_AGREEMENT for cipher suite selection. (But I am not so familiar > with the code, maybe y

Re: disabledAlgorithms "DHE keySize < 1024" support?

2015-05-23 Thread Bernd Eckenfels
On Sat, 23 May 2015 17:48:25 +0200, Bernd Eckenfels wrote: > I also run some connection test In case somebody wonders, the test code is here: https://github.com/ecki/JavaCryptoTest#simple-weakdh-logjam-test-client Regards, Bernd

configurable DHE key size

2015-05-23 Thread Bernd Eckenfels
Hello, I need to correct a statement: On Sat, 23 May 2015 15:50:06 +0200, Bernd Eckenfels wrote: > BTW in regards to the Server side: > > That document should mention that the parameter group is generated > randomly on first use (matching DSA restrictions). It is a good thing &g

Re: Run-time configurable sandboxes

2015-05-26 Thread Bernd Eckenfels
est user might as well be Google App Engine (not sure how far their special platform relies on the security manager). Regards, Bernd PS: Michael, I would be interested in your paper for my personal education.

Re: disabledAlgorithms "DHE keySize < 1024" support?

2015-06-23 Thread Bernd Eckenfels
of DHE completely before, so they did not use the keySize syntax either). Regards, Bernd
