On Wed, 6 Aug 2025 15:34:11 GMT, Artur Barashev <abaras...@openjdk.org> wrote:
>> I thought about an option of using `*` wildcard too. We can do it in this >> iteration simply by replacing `*.algorithm` with `Cipher.algorithm`, >> `KeyStore.algorithm`, `MessageDiges.algorithmt`, `Signature.algorithm`. > > But I think simply omitting a service name is a better solution because in > such case we can check the algorithm against the whole > `jdk.crypto.disabledAlgorithms` property in one call without specifying the > service name: > `CryptoAlgorithmConstraints.permits(algo)` Well, with the current list of 4 supported services, they don't generally share the algorithm names. Thus, I don't see a lot of sense of doing this. Personally, I'd view omitting of service as an oversight. Not sure how commonly used it is. If there is no strong need for supporting wildcard, then I'd not do it at least for this iteration. This is my personal preference. If there are strong reasons and usage scenarios driving wildcard support, then I am open for it. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/26377#discussion_r2261752951
