On Thu, 2 Jul 2026 04:53:04 GMT, Hai-May Chao <[email protected]> wrote:

>> This change adds the `jdk.crypto.legacyAlgorithms` security property to 
>> `java.security`. At the JCE layer, the JDK checks this property and emits a 
>> runtime warning when a configured legacy algorithm is requested.
>> 
>> ---------
>> - [x] I confirm that I make this contribution in accordance with the 
>> [OpenJDK Interim AI Policy](https://openjdk.org/legal/ai).
>
> Hai-May Chao has updated the pull request incrementally with one additional 
> commit since the last revision:
> 
>   Update with Sean's comments

test/jdk/java/security/Signature/TestLegacyAlgorithms.java line 138:

> 136:         for (Provider p : providers) {
> 137:             for (String a : ALG_LIST) {
> 138:                 checkWarn("provider object " + p.getName() + ": alg " + 
> a,

Have you tested this when there is more than one provider that supports the 
legacy algorithm? It seems that the warning would only be emitted once for the 
first provider, since it is the same caller when the 2nd provider is used.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/31472#discussion_r3531164791

Reply via email to