On Tue, 17 Jan 2023 23:25:42 GMT, Hai-May Chao <[email protected]> wrote:
> Please review the fix to address the problem in keytool -genseckey and
> -importpass.
src/java.base/share/classes/sun/security/tools/keytool/Main.java line 1840:
> 1838: }
> 1839:
> 1840: String[] weakAlgs = new String[] {"DES", "DESEDE", "MD5",
> "SHA1", "RC2", "RC4"};
Instead of hardcoding the weak algorithms here, the security property
`jdk.security.legacyAlgorithms` should probably be used. We can decompose the
PBE algorithm name into parts and make the comparison. For example,
"PBEWithSHA1AndDESede" should only match "DESede" but not "DES".
-------------
PR: https://git.openjdk.org/jdk/pull/12056
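
One way to make the comparison suggested in the review comment above, as an added example (not code from the PR or from keytool). The class and method names are hypothetical, the split rule is a simplified assumption, and `SAMPLE_LEGACY` is a constructed fallback that mirrors the hardcoded list quoted above.

```java
import java.security.Security;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Set;

public class LegacyAlgCheck {              // hypothetical class, not keytool code
    // Constructed fallback mirroring the hardcoded list quoted above;
    // used only when the property is unset in this runtime.
    static final String SAMPLE_LEGACY = "DES, DESede, MD5, SHA1, RC2, RC4";

    // Bare algorithm names from jdk.security.legacyAlgorithms, upper-cased.
    // Entries that carry a constraint (anything containing whitespace, such
    // as a key-size limit) are skipped: a name alone cannot decide them.
    static Set<String> legacyNames() {
        String prop = Security.getProperty("jdk.security.legacyAlgorithms");
        if (prop == null || prop.isBlank()) prop = SAMPLE_LEGACY;
        Set<String> names = new HashSet<>();
        for (String entry : prop.split(",")) {
            String e = entry.trim();
            if (!e.isEmpty() && !e.matches(".*\\s.*")) names.add(e.toUpperCase(Locale.ROOT));
        }
        return names;
    }

    // Simplified decomposition (assumption): split on "/", "With" and "And",
    // case-insensitively, so each digest and cipher name becomes its own token.
    static List<String> decompose(String algorithm) {
        List<String> parts = new ArrayList<>();
        for (String p : algorithm.split("(?i)with|and|/")) {
            if (!p.isEmpty()) parts.add(p.toUpperCase(Locale.ROOT));
        }
        return parts;
    }

    // Whole-token comparison: "DESEDE" never equals "DES", unlike a substring test.
    static List<String> legacyParts(String algorithm) {
        List<String> hits = decompose(algorithm);
        hits.retainAll(legacyNames());
        return hits;
    }

    public static void main(String[] args) {
        for (String alg : List.of("PBEWithSHA1AndDESede", "PBEWithMD5AndDES",
                                  "PBEWithHmacSHA256AndAES_128")) {
            System.out.println(alg + " -> " + legacyParts(alg));
        }
    }
}
```

The printed result depends on the value of `jdk.security.legacyAlgorithms` in the runtime that executes it.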