On Mon, 8 Apr 2024 19:33:25 GMT, Valerie Peng <valer...@openjdk.org> wrote:
>> Existing legacy mechanism check disables mechanism(s) when the support is >> partial, e.g. supports decryption but not encryption, or supports >> verification but not signing. Some mechanisms can be used for both >> encryption/decryption and sign/verify such as RSA related ones. If the >> particular mechanism supports sign/verify/decryption but not encryption, >> it'd be disabled as a result. Fine tune the legacy mechanism check with the >> service type, i.e. supports encryption for Cipher, sign for Signature, so >> the mechanism is disabled based on the service type. >> For completeness sake, I also added a PKCS11 provider configuration option >> to control this. If not set, SunPKCS11 provider will disable legacy >> mechanisms by default. > > Valerie Peng has updated the pull request incrementally with one additional > commit since the last revision: > > Update to match CSR for disableLegacy -> allowLegacy name change Marked as reviewed by weijun (Reviewer). ------------- PR Review: https://git.openjdk.org/jdk/pull/18387#pullrequestreview-2033682916
