On Tue, 23 Jun 2026 21:31:44 GMT, Hai-May Chao <[email protected]> wrote:

>> This change adds the `jdk.crypto.legacyAlgorithms` security property to 
>> `java.security`. At the JCE layer, the JDK checks this property and emits a 
>> runtime warning when a configured legacy algorithm is requested.
>> 
>> ---------
>> - [x] I confirm that I make this contribution in accordance with the 
>> [OpenJDK Interim AI Policy](https://openjdk.org/legal/ai).
>
> Hai-May Chao has updated the pull request incrementally with two additional 
> commits since the last revision:
> 
>  - Update java.security
>  - Update Javadoc for getInstance()

src/java.base/share/classes/java/security/KeyStore.java line 870:

> 868:      * each legacy keystore type. If the keystore type is also disabled,
> 869:      * the warning will not be shown.
> 870:      * If the {@systemProperty jdk.crypto.legacyAlgorithms} is set,

When the javadoc is rendered, it doesn't say this is a system property, it just 
says:

`If the jdk.crypto.legacyAlgorithms is set,`

So, you should add the words "system property" after `{@systemProperty 
jdk.crypto.legacyAlgorithms}`.

The same comment applies to the existing text above this for the 
`jdk.crypto.disabledAlgorithms` system property - can you also correct that as 
part of this change?

This comment applies to all `getInstance` methods in this PR.

src/java.base/share/conf/security/java.security line 821:

> 819: # getInstance(...) methods of the supported Service classes, i.e. Cipher,
> 820: # KeyStore, MessageDigest, and Signature. If the algorithm is considered 
> legacy, the
> 821: # JDK emits a warning when the algorithm is requested.

Let's add 2 more sentences, same as the text in the `getInstance` methods: 
"This warning is shown once per caller for each legacy algorithm. If the 
algorithm is also disabled, the warning will not be shown."

src/java.base/share/conf/security/java.security line 821:

> 819: # getInstance(...) methods of the supported Service classes, i.e. Cipher,
> 820: # KeyStore, MessageDigest, and Signature. If the algorithm is considered 
> legacy, the
> 821: # JDK emits a warning when the algorithm is requested.

s/a warning/a warning at runtime/

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/31472#discussion_r3475383834
PR Review Comment: https://git.openjdk.org/jdk/pull/31472#discussion_r3475472977
PR Review Comment: https://git.openjdk.org/jdk/pull/31472#discussion_r3475475606
