OpenJDK Security Development

This forum is an archive for the mailing list security-dev@openjdk.java.net (more options) Messages posted here will be sent to this mailing list.
The term "Security" has broad meanings and interpretations. It spans a wide range of areas, including cryptography, public key infrastructure, secure communication, authentication, and access control. The security component thus comprises a large set of APIs, tools, and implementations of commonly-used security algorithms and protocols.

As security concepts such as permissions are tightly interwoven throughout the entire Java source code, these component pages do not address issues in the other primary component areas (language features and virtual machine implementations, core libraries, graphics subsystems, hotspot, serviceability, etc). For a more detailed treatment, please see the corresponding component pages.

The primary emphasis of these pages is to explore the core security components source bases, and hopefully, get developers up to speed quickly.
1234 ... 237
Topics (8264)
Replies Last Post Views
JCA design for RFC 7748 by Adam Petcher
39
by Michael StJohns
Re: RFR: JDK-8159544: Remove deprecated classes in com.sun.security.auth.** by Vincent Ryan
3
by Sean Mullan
RFR: 8170157, 8170245: Enable unlimited cryptographic policy by default in OracleJDK by Seán Coffey
0
by Seán Coffey
CSR Review for 8159544: Remove deprecated classes in com.sun.security.auth.** by Sean Mullan
4
by Sean Mullan
RFR : 8159035: com/sun/crypto/provider/Cipher/CTS/CTSMode.java test crashed due to unhandled case of cipher length value as 0 by Seán Coffey
0
by Seán Coffey
RFR JDK-8179614: Test for jarsigner on verifying jars that are signed and timestamped by other JDK releases by sha.jiang
16
by sha.jiang
On 8186143: Subject Alternative Name doesn't Accept Wildcards for DNS names by Weijun Wang
0
by Weijun Wang
RFR: JDK-8186160 Fix a11y issues in java.security package by Jonathan Gibbons
5
by Brent Christian-2
RFR[10] 8185620: MSCAPI test leaves too many entries in keystore by sha.jiang
2
by Vincent Ryan
Code review request: JDK-8046295 - Support Trusted CA Indication extension by Martin Balao
15
by Xuelei Fan-2
[10] RFR 8185934: keytool shows "Signature algorithm: SHA1withECDSA, -1-bit key" by Weijun Wang
4
by Weijun Wang
Request - JavaScript Compatible Number Canonicalization by Anders Rundgren
0
by Anders Rundgren
TLS 1.3 support in JDK by Neetish Pathak
1
by Brad R. Wetmore
PKCS #11 TC looks into OKP versus EC for CFRG support by Anders Rundgren
2
by Anders Rundgren
RFR 8184744 : Replace finalizer in crypto classes with Cleaner by roger riggs
3
by roger riggs
Code Review Request: JDK-8148421 (Extended Master Secret TLS extension) by Martin Balao
0
by Martin Balao
Java security socket permission by Anish kumar
0
by Anish kumar
[10] RFR 8166222: Don't treat signed jars with invalid timestamps as unsigned by Weijun Wang
10
by Weijun Wang
Re: RFR: JDK-8185758: jdk.smartcardio has broken docs for exceptions by Mandy Chung
0
by Mandy Chung
Code Review Request, JDK-8180643 Illegal handshake message by Xuelei Fan-2
2
by Xuelei Fan-2
[10] RFR: JDK-8183310: java/security/modules/ModularTest.java should clean up better by Sibabrata Sahoo
2
by Weijun Wang
Fwd: TLS 1.3 support in JDK by Neetish Pathak-2
0
by Neetish Pathak-2
Code Review Request: JDK-6491070 (Support for RFC 5929-Channel Bindings) by Martin Balao
1
by Martin Balao
RFR 8183591: Incorrect behavior when reading DER value with Integer.MAX_VALUE length by Adam Petcher
8
by Weijun Wang
Code Review request, JDK-6645409, Remove not used DefaultHostnameVerifier by Xuelei Fan-2
2
by Xuelei Fan-2
Code Review Request, JDK-8184316, Typo in javax.net.ssl.SSLServerSocket class documentation by Xuelei Fan-2
5
by Sean Mullan
IETF input on CFRG support in Java by Anders Rundgren
0
by Anders Rundgren
8184916: DisabledAlgorithmConstraints loading should be delayed until needed by Alan Bateman
1
by Sean Mullan
jar verification regression Oracle 8u141 by Bernd Eckenfels-4
2
by Bernd Eckenfels-4
RFR[10] JDK-8177017: com/oracle/security/ucrypto/TestAES.java fails intermittently by sha.jiang
4
by Valerie Peng
RFR 10 (XS): 8184673: Fix compatibility issue in AlgorithmChecker for 3rd party JCE providers by Langer, Christoph
6
by Anthony Scarpino
RE: [RFR] 8174849: Change SHA1 certpath restrictions - issue with 3rd party JCE provider by Langer, Christoph
11
by Langer, Christoph
Re: JDK-8182879: Add warnings to keytool when using JKS and JCEKS by Weijun Wang
1
by Sean Mullan
RFR: 8184208: update class="striped" tables for accessibility by Jonathan Gibbons
3
by Lance Andersen
RFR 8182999: SunEC throws ProviderException on invalid curves by Adam Petcher
12
by Vincent Ryan
1234 ... 237