OpenJDK Security Development

This forum is an archive for the mailing list security-dev@openjdk.java.net (more options) Messages posted here will be sent to this mailing list.
The term "Security" has broad meanings and interpretations. It spans a wide range of areas, including cryptography, public key infrastructure, secure communication, authentication, and access control. The security component thus comprises a large set of APIs, tools, and implementations of commonly-used security algorithms and protocols.

As security concepts such as permissions are tightly interwoven throughout the entire Java source code, these component pages do not address issues in the other primary component areas (language features and virtual machine implementations, core libraries, graphics subsystems, hotspot, serviceability, etc). For a more detailed treatment, please see the corresponding component pages.

The primary emphasis of these pages is to explore the core security components source bases, and hopefully, get developers up to speed quickly.
1234 ... 244
Topics (8513)
Replies Last Post Views
RFR(s): 8204196: integer cleanup by Anthony Scarpino
1
by Xuelei Fan-2
RFR[11] JDK-8206171: Signature#getParameters for RSASSA-PSS throws ProviderException when not initialized by Valerie Peng
20
by Wang Weijun
EC weirdness by Michael StJohns
2
by Michael StJohns
Inconsistent SSLEngine behavior for closing outbound while in handshake in 11ea22 by Tim Brooks
2
by Tim Brooks
[11] RFR 8202837: PBES2 AlgorithmId encoding error in PKCS12 KeyStore by Wang Weijun
1
by Xuelei Fan-2
RFR 8207250: setUseClientMode post handshake with the same value as before does not throw IAE by Wang Weijun
1
by Xuelei Fan-2
RFR: 8203230: update VerifyCACerts tests by Rajan Halade
1
by Sean Mullan
RFR: JDK-8207237: SSLSocket#setEnabledCipherSuites is accepting empty string by Jamil Nimeh
1
by Xuelei Fan-2
RFR 8206929: Check session context for TLS session resumption by Adam Petcher
15
by Adam Petcher
[11] RFR 8207318: KeyStore#getInstance(File, LoadStoreParameter) does not load the keystore by Wang Weijun
1
by Sean Mullan
Trouble with SPNEGO by tom
3
by Nagaraju Chitimilla
RFR[11] JDK-8206258: [Test Error] sun/security/pkcs11 tests fail if NSS libs not found by sha.jiang
4
by sha.jiang
RFR: 8207321: Merge error with 8199779 by Rajan Halade
1
by Sean Mullan
RFR JDK-8029661: JDK-Support TLS v1.2 algorithm in SunPKCS11 provider by Martin Balao
7
by Valerie Peng
SSLEngine weird behavior in 11+21? by Simone Bordet
16
by Simone Bordet
RFR[12] JDK-8206443: Update security libs manual test to cope with removal of javac -source/-target 6 by sha.jiang
1
by Xuelei Fan-2
RFR: 8199779: Add T-Systems, GlobalSign and Starfield services root certificates by Rajan Halade
1
by Sean Mullan
Code Review Request, JDK-8207029 Unable to use custom SSLEngine with default TrustManagerFactory after updating to JDK 11 b21 by Xuelei Fan-2
4
by Xuelei Fan-2
RFR 8207031 : CKM_SSL3_PRE_MASTER_KEY_GEN used without need in P11RSACipher.class by Ivan Gerasimov
0
by Ivan Gerasimov
RFR[12] JDK-8179098 "Crypto AES/ECB encryption/decryption performance regression (introduced in jdk9b73)" by Valerie Peng
6
by Valerie Peng
RFR 8206915: XDH TCK issues by Adam Petcher
6
by Xuelei Fan-2
[11] RFR 8206189: sun/security/pkcs12/EmptyPassword.java fails with Sequence tag error by Wang Weijun
1
by Xuelei Fan-2
security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA.java fails in jdk by Baesken, Matthias
2
by Baesken, Matthias
Re: Unable to use custom SSLEngine with default TrustManagerFactory after updating to ea20 (and later) by Alan Bateman
7
by Xuelei Fan-2
JDK 11+21 SSLSocket.close() deadlock? by Simone Bordet
2
by Simone Bordet
RFR[11] JDK-8199645: javax/net/ssl/SSLSession/TestEnabledProtocols.java failed with Connection reset by sha.jiang
2
by sha.jiang
(Open) RFR: 8205967: Remove sun/security/krb5/auto/UnboundSSL.java from ProblemList.txt by Andrew Wong
1
by Xuelei Fan-2
RFR: 8148188: Enhance the security libraries to record events of interest by Seán Coffey
8
by Seán Coffey
RFR[11] JDK-8203007: Address missing block coverage for ChaCha20 and Poly1305 algorithms by sha.jiang
2
by Xuelei Fan-2
[8u] RFR for backport of JDK-8175120 and JDK-8164656 by Ramkumar Sunderbabu
0
by Ramkumar Sunderbabu
[11] RFR 8198352: java.util.MissingResourceException: sun.security.util.AuthResources when trying to use com.sun.security.auth.module.UnixLoginModule by Wang Weijun
1
by Xuelei Fan-2
(Open) RFR: 8205967: Remove sun/security/krb5/auto/UnboundSSL.java from ProblemList.txt by Andrew Wong
0
by Andrew Wong
[11] RFR: 8206355: SSLSessionImpl.getLocalPrincipal() throws NPE by Sibabrata Sahoo
1
by Xuelei Fan-2
[8u] RFR: 8074462: Handshake messages can be strictly ordered by Prasadrao Koppula
2
by Prasadrao Koppula
Failing PKCS11 tests if NSS is not installed by Thomas Stüfe-2
0
by Thomas Stüfe-2
1234 ... 244