On Tue, 15 Mar 2022 16:00:41 GMT, Michael McMahon wrote:
>> Hi,
>>
>> Could I get the following change reviewed please, which is to disable the
>> MD5 message digest algorithm by default in the HTTP Digest authentication
>> mechanism? The algorithm can be opted into by setting a new system pro
On Tue, 15 Mar 2022 16:00:41 GMT, Michael McMahon wrote:
>> Hi,
>>
>> Could I get the following change reviewed please, which is to disable the
>> MD5 message digest algorithm by default in the HTTP Digest authentication
>> mechanism? The algorithm can be opted into by setting a new system pro
> Hi,
>
> Could I get the following change reviewed please, which is to disable the MD5
> message digest algorithm by default in the HTTP Digest authentication
> mechanism? The algorithm can be opted into by setting a new system property
> "http.auth.digest.reEnabledAlgs" to include the value M
On Tue, 15 Mar 2022 10:24:43 GMT, Michael McMahon wrote:
>> src/java.base/share/classes/sun/net/www/protocol/http/DigestAuthentication.java
>> line 102:
>>
>>> 100: propPrefix + "reEnabledAlgorithms";
>>> 101:
>>> 102: private static final Set disabledAlgorithms = new
>>> HashSet<
On Fri, 11 Mar 2022 18:12:27 GMT, Daniel Fuchs wrote:
>> Michael McMahon has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> update after second review round
>
> src/java.base/share/classes/sun/net/www/protocol/http/DigestAuthentication.java
On Mon, 14 Mar 2022 13:26:34 GMT, Michael McMahon wrote:
>> Hi,
>>
>> Could I get the following change reviewed please, which is to disable the
>> MD5 message digest algorithm by default in the HTTP Digest authentication
>> mechanism? The algorithm can be opted into by setting a new system pro
> Hi,
>
> Could I get the following change reviewed please, which is to disable the MD5
> message digest algorithm by default in the HTTP Digest authentication
> mechanism? The algorithm can be opted into by setting a new system property
> "http.auth.digest.reEnabledAlgs" to include the value M
On Fri, 11 Mar 2022 17:37:44 GMT, Michael McMahon wrote:
>> Hi,
>>
>> Could I get the following change reviewed please, which is to disable the
>> MD5 message digest algorithm by default in the HTTP Digest authentication
>> mechanism? The algorithm can be opted into by setting a new system pro
> Hi,
>
> Could I get the following change reviewed please, which is to disable the MD5
> message digest algorithm by default in the HTTP Digest authentication
> mechanism? The algorithm can be opted into by setting a new system property
> "http.auth.digest.reEnabledAlgs" to include the value M
On Thu, 10 Mar 2022 16:50:05 GMT, Michael McMahon wrote:
>> src/java.base/share/classes/java/net/doc-files/net-properties.html line 234:
>>
>>> 232: in the {@code java.security} properties file and currently
>>> comprises {@code MD5} and
>>> 233: {@code SHA-1}. If it is still re
On Fri, 11 Mar 2022 17:37:44 GMT, Michael McMahon wrote:
>> Hi,
>>
>> Could I get the following change reviewed please, which is to disable the
>> MD5 message digest algorithm by default in the HTTP Digest authentication
>> mechanism? The algorithm can be opted into by setting a new system pro
On Fri, 11 Mar 2022 17:37:44 GMT, Michael McMahon wrote:
>> Hi,
>>
>> Could I get the following change reviewed please, which is to disable the
>> MD5 message digest algorithm by default in the HTTP Digest authentication
>> mechanism? The algorithm can be opted into by setting a new system pro
> Hi,
>
> Could I get the following change reviewed please, which is to disable the MD5
> message digest algorithm by default in the HTTP Digest authentication
> mechanism? The algorithm can be opted into by setting a new system property
> "http.auth.digest.reEnabledAlgs" to include the value M
On Mon, 7 Mar 2022 14:41:47 GMT, Weijun Wang wrote:
>> 2nd test of https://datatracker.ietf.org/doc/html/rfc7616#section-3.9 is on
>> this algorithm, but it requires UTF-8 charset support and a way to provide a
>> predefined cnonce. If it's not worth modifying our implementation to create
>> a
On Thu, 10 Mar 2022 15:02:17 GMT, Weijun Wang wrote:
>> Michael McMahon has updated the pull request incrementally with two
>> additional commits since the last revision:
>>
>> - update
>> - update after first review round
>
> src/java.base/share/classes/sun/net/www/protocol/http/DigestAuthen
On Thu, 10 Mar 2022 16:43:23 GMT, Michael McMahon wrote:
>> src/java.base/share/conf/security/java.security line 711:
>>
>>> 709: # separated list of algorithms to be allowed.
>>> 710: #
>>> 711: jdk.httpdigest.defaultDisabledAlgorithms = MD5, MD-5, SHA1, SHA-1
>>
>> I haven't seen people using
On Thu, 10 Mar 2022 14:26:28 GMT, Weijun Wang wrote:
>> Michael McMahon has updated the pull request incrementally with two
>> additional commits since the last revision:
>>
>> - update
>> - update after first review round
>
> src/java.base/share/classes/java/net/doc-files/net-properties.html
On Thu, 10 Mar 2022 14:21:41 GMT, Weijun Wang wrote:
>> Michael McMahon has updated the pull request incrementally with two
>> additional commits since the last revision:
>>
>> - update
>> - update after first review round
>
> src/java.base/share/conf/security/java.security line 711:
>
>> 70
On Wed, 9 Mar 2022 14:23:38 GMT, Michael McMahon wrote:
>> Hi,
>>
>> Could I get the following change reviewed please, which is to disable the
>> MD5 message digest algorithm by default in the HTTP Digest authentication
>> mechanism? The algorithm can be opted into by setting a new system prop
On Thu, 10 Mar 2022 10:48:09 GMT, Michael McMahon wrote:
>> Maybe `String.trim()` should be called on each element after splitting
>> instead: you want to remove spaces before and after commas, not necessarily
>> spaces within a name. "MD 5, SHA-256" probably shouldn't be parsed as
>> "MD5,SHA
On Thu, 10 Mar 2022 10:54:52 GMT, Michael McMahon wrote:
>> src/java.base/share/classes/sun/net/www/protocol/http/DigestAuthentication.java
>> line 82:
>>
>>> 80: @SuppressWarnings("removal")
>>> 81: String secprops = AccessController.doPrivileged(
>>> 82: new Privil
On Wed, 9 Mar 2022 15:41:08 GMT, Weijun Wang wrote:
>> Michael McMahon has updated the pull request incrementally with two
>> additional commits since the last revision:
>>
>> - update
>> - update after first review round
>
> src/java.base/share/classes/sun/net/www/protocol/http/DigestAuthent
On Wed, 9 Mar 2022 15:18:43 GMT, Daniel Fuchs wrote:
>> Michael McMahon has updated the pull request incrementally with two
>> additional commits since the last revision:
>>
>> - update
>> - update after first review round
>
> src/java.base/share/classes/sun/net/www/protocol/http/DigestAuthen
On Wed, 9 Mar 2022 14:23:24 GMT, Weijun Wang wrote:
>> Michael McMahon has updated the pull request incrementally with two
>> additional commits since the last revision:
>>
>> - update
>> - update after first review round
>
> src/java.base/share/classes/sun/net/www/protocol/http/DigestAuthent
On Wed, 9 Mar 2022 15:53:02 GMT, Daniel Fuchs wrote:
>> src/java.base/share/classes/sun/net/www/protocol/http/DigestAuthentication.java
>> line 85:
>>
>>> 83: public String run() {
>>> 84: return Security.getProperty(secPropName)
>>> 85:
On Wed, 9 Mar 2022 15:18:02 GMT, Daniel Fuchs wrote:
>> Michael McMahon has updated the pull request incrementally with two
>> additional commits since the last revision:
>>
>> - update
>> - update after first review round
>
> src/java.base/share/classes/sun/net/www/protocol/http/DigestAuthen
On Wed, 9 Mar 2022 14:23:38 GMT, Michael McMahon wrote:
>> Hi,
>>
>> Could I get the following change reviewed please, which is to disable the
>> MD5 message digest algorithm by default in the HTTP Digest authentication
>> mechanism? The algorithm can be opted into by setting a new system prop
On Wed, 9 Mar 2022 14:23:38 GMT, Michael McMahon wrote:
>> Hi,
>>
>> Could I get the following change reviewed please, which is to disable the
>> MD5 message digest algorithm by default in the HTTP Digest authentication
>> mechanism? The algorithm can be opted into by setting a new system prop
On Wed, 9 Mar 2022 14:23:38 GMT, Michael McMahon wrote:
>> Hi,
>>
>> Could I get the following change reviewed please, which is to disable the
>> MD5 message digest algorithm by default in the HTTP Digest authentication
>> mechanism? The algorithm can be opted into by setting a new system prop
On Mon, 7 Mar 2022 20:35:13 GMT, Sean Mullan wrote:
>> Michael McMahon has updated the pull request incrementally with two
>> additional commits since the last revision:
>>
>> - update
>> - update after first review round
>
> src/java.base/share/classes/sun/net/www/protocol/http/DigestAuthent
> Hi,
>
> Could I get the following change reviewed please, which is to disable the MD5
> message digest algorithm by default in the HTTP Digest authentication
> mechanism? The algorithm can be opted into by setting a new system property
> "http.auth.digest.reEnabledAlgs" to include the value M
On Fri, 4 Mar 2022 09:37:21 GMT, Michael McMahon wrote:
> Hi,
>
> Could I get the following change reviewed please, which is to disable the MD5
> message digest algorithm by default in the HTTP Digest authentication
> mechanism? The algorithm can be opted into by setting a new system property
On Mon, 7 Mar 2022 14:22:58 GMT, Weijun Wang wrote:
>> Okay, I'll double check that. I haven't found any server implementations of
>> this feature to test with yet,
>
> 2nd test of https://datatracker.ietf.org/doc/html/rfc7616#section-3.9 is on
> this algorithm, but it requires UTF-8 charset su
On Mon, 7 Mar 2022 11:01:16 GMT, Michael McMahon wrote:
>> src/java.base/share/classes/sun/net/www/protocol/http/DigestAuthentication.java
>> line 670:
>>
>>> 668: if (truncate256) {
>>> 669: assert digest.length >= 32;
>>> 670: start = digest.length - 32;
>>
>>
On Sat, 5 Mar 2022 15:07:15 GMT, Jaikiran Pai wrote:
>> Hi,
>>
>> Could I get the following change reviewed please, which is to disable the
>> MD5 message digest algorithm by default in the HTTP Digest authentication
>> mechanism? The algorithm can be opted into by setting a new system propert
t-dev@openjdk.java.net
Betreff: Re: RFR: 8281561: Disable http DIGEST mechanism with MD5 by
default
On Fri, 4 Mar 2022 14:59:48 GMT, Weijun Wang wrote:
Hi,
Could I get the following change reviewed please, which is to
disable the MD5 message digest algorithm by default in the HTTP
Digest authentic
://bernd.eckenfels.net
Von: net-dev im Auftrag von Michael
McMahon
Gesendet: Monday, March 7, 2022 12:04:02 PM
An:net-dev@openjdk.java.net
Betreff: Re: RFR: 8281561: Disable http DIGEST mechanism with MD5 by default
On Fri, 4 Mar 2022 14:59:48 GMT, Weijun Wang wrote:
Hi
On Fri, 4 Mar 2022 16:26:52 GMT, Weijun Wang wrote:
>> Hi,
>>
>> Could I get the following change reviewed please, which is to disable the
>> MD5 message digest algorithm by default in the HTTP Digest authentication
>> mechanism? The algorithm can be opted into by setting a new system property
Bernd
--
http://bernd.eckenfels.net
Von: net-dev im Auftrag von Michael McMahon
Gesendet: Monday, March 7, 2022 12:04:02 PM
An: net-dev@openjdk.java.net
Betreff: Re: RFR: 8281561: Disable http DIGEST mechanism with MD5 by default
On Fri, 4 Mar 2022 14:59:48 GMT
On Fri, 4 Mar 2022 14:59:48 GMT, Weijun Wang wrote:
>> Hi,
>>
>> Could I get the following change reviewed please, which is to disable the
>> MD5 message digest algorithm by default in the HTTP Digest authentication
>> mechanism? The algorithm can be opted into by setting a new system property
On Fri, 4 Mar 2022 09:37:21 GMT, Michael McMahon wrote:
> Hi,
>
> Could I get the following change reviewed please, which is to disable the MD5
> message digest algorithm by default in the HTTP Digest authentication
> mechanism? The algorithm can be opted into by setting a new system property
://bernd.eckenfels.net
Von: Michael McMahon
Gesendet: Friday, March 4, 2022 4:07:49 PM
An: Bernd Eckenfels ; net-dev@openjdk.java.net
Betreff: Re: RFR: 8281561: Disable http DIGEST mechanism with MD5 by default
Bernd,
If I understand you correctly, there is no
On Fri, 4 Mar 2022 09:37:21 GMT, Michael McMahon wrote:
> Hi,
>
> Could I get the following change reviewed please, which is to disable the MD5
> message digest algorithm by default in the HTTP Digest authentication
> mechanism? The algorithm can be opted into by setting a new system property
echanisms so the update
won’t change the behavior? (If there is no negotiation?)
Gruss
Bernd
--
http://bernd.eckenfels.net
Von: net-dev im Auftrag von Michael
McMahon
Gesendet: Friday, March 4, 2022 1:33:06 PM
An:net-dev@openjdk.java.net
Betreff: Re: RFR: 8281561:
On Fri, 4 Mar 2022 14:39:50 GMT, Jaikiran Pai wrote:
>> Hi,
>>
>> Could I get the following change reviewed please, which is to disable the
>> MD5 message digest algorithm by default in the HTTP Digest authentication
>> mechanism? The algorithm can be opted into by setting a new system propert
On Fri, 4 Mar 2022 14:06:14 GMT, Daniel Fuchs wrote:
>> src/java.base/share/classes/java/net/doc-files/net-properties.html line 227:
>>
>>> 225: name.
>>> 226:
>>> 227:{@systemProperty http.auth.digest.reEnabledAlgs}
>>> (default: )
>>
>> Hello Michael, from
On Fri, 4 Mar 2022 14:11:00 GMT, Jaikiran Pai wrote:
>> Hi,
>>
>> Could I get the following change reviewed please, which is to disable the
>> MD5 message digest algorithm by default in the HTTP Digest authentication
>> mechanism? The algorithm can be opted into by setting a new system propert
On Fri, 4 Mar 2022 09:37:21 GMT, Michael McMahon wrote:
> Hi,
>
> Could I get the following change reviewed please, which is to disable the MD5
> message digest algorithm by default in the HTTP Digest authentication
> mechanism? The algorithm can be opted into by setting a new system property
On Fri, 4 Mar 2022 09:37:21 GMT, Michael McMahon wrote:
> Hi,
>
> Could I get the following change reviewed please, which is to disable the MD5
> message digest algorithm by default in the HTTP Digest authentication
> mechanism? The algorithm can be opted into by setting a new system property
On Fri, 4 Mar 2022 09:37:21 GMT, Michael McMahon wrote:
> Hi,
>
> Could I get the following change reviewed please, which is to disable the MD5
> message digest algorithm by default in the HTTP Digest authentication
> mechanism? The algorithm can be opted into by setting a new system property
On Fri, 4 Mar 2022 13:50:37 GMT, Jaikiran Pai wrote:
>> Hi,
>>
>> Could I get the following change reviewed please, which is to disable the
>> MD5 message digest algorithm by default in the HTTP Digest authentication
>> mechanism? The algorithm can be opted into by setting a new system propert
On Fri, 4 Mar 2022 09:37:21 GMT, Michael McMahon wrote:
> Hi,
>
> Could I get the following change reviewed please, which is to disable the MD5
> message digest algorithm by default in the HTTP Digest authentication
> mechanism? The algorithm can be opted into by setting a new system property
: 8281561: Disable http DIGEST mechanism with MD5 by default
On Fri, 4 Mar 2022 09:37:21 GMT, Michael McMahon wrote:
> Hi,
>
> Could I get the following change reviewed please, which is to disable the MD5
> message digest algorithm by default in the HTTP Digest authentication
>
On Fri, 4 Mar 2022 09:37:21 GMT, Michael McMahon wrote:
> Hi,
>
> Could I get the following change reviewed please, which is to disable the MD5
> message digest algorithm by default in the HTTP Digest authentication
> mechanism? The algorithm can be opted into by setting a new system property
On Fri, 4 Mar 2022 13:13:47 GMT, Daniel Fuchs wrote:
>> Hi,
>>
>> Could I get the following change reviewed please, which is to disable the
>> MD5 message digest algorithm by default in the HTTP Digest authentication
>> mechanism? The algorithm can be opted into by setting a new system propert
On Fri, 4 Mar 2022 09:37:21 GMT, Michael McMahon wrote:
> Hi,
>
> Could I get the following change reviewed please, which is to disable the MD5
> message digest algorithm by default in the HTTP Digest authentication
> mechanism? The algorithm can be opted into by setting a new system property
On Fri, 4 Mar 2022 12:29:28 GMT, Michael McMahon wrote:
> > So, maybe, we could have a 2nd net property with the default disabled
> > algorithms and in net.properties we identify MD5 only for now. Users could
> > add to that list if they want or even specify it on the command line. I
> > think
On Fri, 4 Mar 2022 09:37:21 GMT, Michael McMahon wrote:
> Hi,
>
> Could I get the following change reviewed please, which is to disable the MD5
> message digest algorithm by default in the HTTP Digest authentication
> mechanism? The algorithm can be opted into by setting a new system property
On Fri, 4 Mar 2022 12:12:25 GMT, Daniel Fuchs wrote:
> > I considered that and implemented it that way at the start, but what you
> > would end up with then is users running their code with something like:
> > -DdisabledAlgNames=""
> > I find that style leads to a much less explicit "opting in"
On Fri, 4 Mar 2022 12:03:44 GMT, Michael McMahon wrote:
> I considered that and implemented it that way at the start, but what you
> would end up with then is users running their code with something like:
> -DdisabledAlgNames=""
>
> I find that style leads to a much less explicit "opting in" t
On Fri, 4 Mar 2022 11:25:38 GMT, Daniel Fuchs wrote:
> Should we instead have a property to disable algorithms, whose default value
> would contain "MD5" by default?
I considered that and implemented it that way at the start, but what you would
end up with then is users running their code with
On Fri, 4 Mar 2022 09:37:21 GMT, Michael McMahon wrote:
> Hi,
>
> Could I get the following change reviewed please, which is to disable the MD5
> message digest algorithm by default in the HTTP Digest authentication
> mechanism? The algorithm can be opted into by setting a new system property
On Fri, 4 Mar 2022 09:37:21 GMT, Michael McMahon wrote:
> Hi,
>
> Could I get the following change reviewed please, which is to disable the MD5
> message digest algorithm by default in the HTTP Digest authentication
> mechanism? The algorithm can be opted into by setting a new system property
63 matches
Mail list logo
