Quantcast

OpenJDK Security Development

This forum is an archive for the mailing list security-dev@openjdk.java.net (more options) Messages posted here will be sent to this mailing list.
The term "Security" has broad meanings and interpretations. It spans a wide range of areas, including cryptography, public key infrastructure, secure communication, authentication, and access control. The security component thus comprises a large set of APIs, tools, and implementations of commonly-used security algorithms and protocols.

As security concepts such as permissions are tightly interwoven throughout the entire Java source code, these component pages do not address issues in the other primary component areas (language features and virtual machine implementations, core libraries, graphics subsystems, hotspot, serviceability, etc). For a more detailed treatment, please see the corresponding component pages.

The primary emphasis of these pages is to explore the core security components source bases, and hopefully, get developers up to speed quickly.
1234 ... 233
Topics (8139)
Replies Last Post Views
RFR 8006259: Test example vectors from NIST SP 800-38A by Adam Petcher
3
by Valerie Peng
[JDK-8146293] - Proposal to fix RSASSA-PSS AlgorithmChecker constraints for TLS 1.2 by Christopher Fox
3
by Sean Mullan
RFR 8171319: keytool should print out warnings when reading or generating cert/cert req using weak algorithms by Weijun Wang
4
by Weijun Wang
RFR 8175120: Remove old tests on kdc timeout policy by Weijun Wang
1
by Xuelei Fan-2
RFR: 8175079: Lazy initialization of ImageReader breaks rmid by Claes Redestad
2
by Claes Redestad
RFR 8168410: Multiple JCK tests are failing due to SecurityException is not thrown. by Weijun Wang
7
by Weijun Wang
[RFR] 8174849: Change SHA1 certpath restrictions by Anthony Scarpino
4
by Jim Manico
RFR 8174909: Doc error in SecureRandom by Weijun Wang
1
by Sean Mullan
JDK 9 RFR of JDK-8174887: Problem list javax/net/ssl/DTLS/RespondToRetransmit.java by Amy Lu-2
1
by Xuelei Fan-2
RFR: 8174837: Add "since=9" to deprecated ContentSigner and ContentSignerParameters classes by Sean Mullan
2
by Weijun Wang
RFR release notes for multiple enhancements: krb5, SASL, JAAS, policytool by Weijun Wang
8
by Sean Mullan
TlsRsaPremasterSecretParameterSpec by Gardiner Michael
3
by Seán Coffey
[9] RFR: 8168423: Test Task: Custom system class loader + security manager + malformed policy file = recursive initialization by Sibabrata Sahoo
6
by Sean Mullan
RFR 8174157: Backout 8151116 by Anthony Scarpino
1
by Sean Mullan
RFR: 8160655 Fix denyAfter and usage types for security properties by Anthony Scarpino
11
by Sean Mullan
RFR [9] 8173708: Re-enable AES cipher with CFB128 mode for Ucrypto provider by Valerie Peng
1
by Bradford Wetmore
RFR : 8173783: IllegalArgumentException: jdk.tls.namedGroups by Seán Coffey
4
by Seán Coffey
RFR 8173410: Add commented config line for jdk.security.provider.preferred by Anthony Scarpino
2
by Anthony Scarpino
[9] 8173956: KeyStore regression due to default keystore being changed to PKCS12 by Vincent Ryan
1
by Xuelei Fan-2
JDK 10 RFR of JDK-8173903: Update various tests to pass under JDK 10 by joe darcy
4
by David Holmes
RFR: 8173827: Remove forRemoval=true from several deprecated security APIs by Sean Mullan
4
by Claes Redestad
RFR: 8145337: [JVMCI] JVMCI initialization with SecurityManager installed fails: java.security.AccessControlException: access denied by Doug Simon @ Oracle
19
by Alan Bateman
RFR(S): 8173763: Two security tests fail with message: "java.security.NoSuchAlgorithmException: EC KeyFactory not available" by Sergei Kovalev
1
by Sean Mullan
RFR: 8173581 : performance regression in com/sun/crypto/provider/OutputFeedback.java by Chuck Rasbold-2
7
by Valerie Peng
RFR(S): 8173478: SSL related tests failes with message: "java.security.NoSuchAlgorithmException: EC KeyFactory not available" by Sergei Kovalev
1
by Xuelei Fan-2
Review: release note for JDK-8015081 by Jamil Nimeh
1
by Sean Mullan
RFR[9] 8062731: Cipher object can be created without calling Cipher.getInstance by Valerie Peng
2
by Valerie Peng
RFR 8168075: Custom system class loader + security manager + malformed policy file = recursive initialization by Adam Petcher
20
by Adam Petcher
Review Request JDK-8172808: Handle sun.security.util.Resources bundle in ResourcesMgr in the same way as AuthResources by Mandy Chung
2
by Sean Mullan
Code Review Request, JDK-8172869 4096 is not supported yet for the DH Parameter Generator by Xuelei Fan-2
3
by Sean Mullan
RFR[9] JDK-8171900: javax/net/ssl/SSLSession/SessionTimeOutTests.java failed with "SSLHandshakeException: Remote host terminated the handshake" by John Jiang
1
by Xuelei Fan-2
Review Request: JDK-8173024 Replace direct use of AuthResources resource bundle from jdk.security.auth by Mandy Chung
8
by Mandy Chung
RFR 8172527: Rename jdk.crypto.token to jdk.crypto.cryptoki by Anthony Scarpino
4
by Mandy Chung
RFR 8172975: SecurityTools.keytool() needs to accept user input by Weijun Wang
8
by Weijun Wang
Code Review Request, JDK-8173066 More verbose debug output for selection of X509 certs by Xuelei Fan-2
1
by Seán Coffey
1234 ... 233