OpenJDK Security Development

This forum is an archive for the mailing list security-dev@openjdk.java.net (more options) Messages posted here will be sent to this mailing list.
The term "Security" has broad meanings and interpretations. It spans a wide range of areas, including cryptography, public key infrastructure, secure communication, authentication, and access control. The security component thus comprises a large set of APIs, tools, and implementations of commonly-used security algorithms and protocols.

As security concepts such as permissions are tightly interwoven throughout the entire Java source code, these component pages do not address issues in the other primary component areas (language features and virtual machine implementations, core libraries, graphics subsystems, hotspot, serviceability, etc). For a more detailed treatment, please see the corresponding component pages.

The primary emphasis of these pages is to explore the core security components source bases, and hopefully, get developers up to speed quickly.
1234567 ... 274
Topics (9562)
Replies Last Post Views
Re: RFR: 8259401: Add checking to jarsigner to warn weak algorithms used in si… [v2] by Hai-May Chao-2
7
by Hai-May Chao-2
Re: RFR: 8259401: Add checking to jarsigner to warn weak algorithms used in si… [v3] by Hai-May Chao-2
0
by Hai-May Chao-2
[jdk16] RFR: 8258915: More temporary buffer cleanup by Weijun Wang-2
1
by Weijun Wang-2
Re: RFR: 8259401: Add checking to jarsigner to warn weak algorithms used in si… by Sean Mullan-2
3
by Hai-May Chao-2
RFR: 8253635: Implement toString() for SSLEngineImpl by Xue-Lei Andrew Fan
4
by Xue-Lei Andrew Fan
RFR: 8259582: Backout JDK-8237578 until all affected tests have been fixed by Volker Simonis-3
3
by Volker Simonis-3
RFR: 8259572: [test] Fix SSL tests after JDK-8237578 to properly handle SocketExceptions by Volker Simonis-3
1
by Volker Simonis-3
Re: RFR: 8259319: Illegal package access when SunPKCS11 requires SunJCE's classes [v2] by Martin Balao-2
1
by Valerie Peng-2
RFR: 8237578: JDK-8214339 (SSLSocketImpl wraps SocketException) appears to not be fully fixed by Clive Verghese
18
by Volker Simonis-3
RFR: 8259385: Cleanup unused assignment by Xue-Lei Andrew Fan
4
by Xue-Lei Andrew Fan
RFR: 8259517: Incorrect test path in test cases by Xue-Lei Andrew Fan
4
by Xue-Lei Andrew Fan
Re: RFR: 8259319: Illegal package access when SunPKCS11 requires SunJCE's classes by Valerie Peng-2
3
by Martin Balao-2
Re: RFR: 8258796: [test] Apply HexFormat to tests for java.security [v2] by Xue-Lei Andrew Fan
0
by Xue-Lei Andrew Fan
RFR: 8259065: java.security.Provider should cache default constructors by Claes Redestad-2
17
by Claes Redestad-2
[jdk16] Integrated: 8039278: console.sh failed Automatically with exit code 1 by Rajan Halade-2
1
by Rajan Halade-2
RFR: 8039278: console.sh failed Automatically with exit code 1 by Rajan Halade-2
1
by Rajan Halade-2
RFR: 8259291: Cleanup unnecessary local variables by Xue-Lei Andrew Fan
2
by Xue-Lei Andrew Fan
RFR: 8259312: VerifyCACerts.java fails as soneraclass2ca cert will expire in 90 dayseibcccttchjcjfkgtgbcgitkibtitbvvtbfgejetjlcn by Rajan Halade-2
2
by Rajan Halade-2
Re: RFR: 8248862: Implement Enhanced Pseudo-Random Number Generators [v12] by Jim Laskey-3
1
by Brett Okken-2
Re: RFR: 8248862: Implement Enhanced Pseudo-Random Number Generators [v3] by Paul Sandoz-2
16
by Jim Laskey-3
Re: RFR: 8248862: Implement Enhanced Pseudo-Random Number Generators [v9] by Brett Okken-2
0
by Brett Okken-2
RFR: 8250564: Remove terminally deprecated constructor in GSSUtil by Joe Darcy-2
1
by Alan Bateman-2
Re: RFR: 8248862: Implement Enhanced Pseudo-Random Number Generators [v10] by Jim Laskey-3
0
by Jim Laskey-3
RFR: 8259223: Simplify boolean expression in the SunJSSE provider by Xue-Lei Andrew Fan
3
by Xue-Lei Andrew Fan
RFR: 8258852: Arrays.asList() for single item could be replaced with Collections.singletonList() by Xue-Lei Andrew Fan
9
by Xue-Lei Andrew Fan
Integrated: 8259021: SharedSecrets should avoid double racy reads from non-volatile fields by Peter Levart-3
0
by Peter Levart-3
RFR: 8259069: Fields could be final by Xue-Lei Andrew Fan
2
by Xue-Lei Andrew Fan
Re: RFR: 8259021: SharedSecrets should avoid double racy reads from non-volatile fields [v2] by Peter Levart-3
1
by Hans Boehm-2
Re: RFR: 8259021 avoid double racy reads from non-volatile fields of SharedSecrets [v2] by Claes Redestad-2
0
by Claes Redestad-2
RFR: 8179503: Java should support GET OCSP calls by Jamil Nimeh-2
10
by Jamil Nimeh-2
Contract of the javax.net.ssl.X509KeyManager.chooseClientAlias method by Thomas Fox
2
by Thomas Fox
RFR: 8258914: javax/net/ssl/DTLS/RespondToRetransmit.java timed out by Xue-Lei Andrew Fan
2
by Xue-Lei Andrew Fan
RFR: 8258851: Mismatch in SunPKCS11 provider registration properties and actual implementation by Valerie Peng-2
3
by Valerie Peng-2
RFR: 8258186: Replace use of JNI_COMMIT mode with mode 0 by Valerie Peng-2
4
by Valerie Peng-2
RFR: 8253368: TLS connection always receives close_notify exception by Sean Coffey-2
10
by Sean Coffey-2
1234567 ... 274