OpenJDK Security Development

This forum is an archive for the mailing list security-dev@openjdk.java.net (more options) Messages posted here will be sent to this mailing list.
The term "Security" has broad meanings and interpretations. It spans a wide range of areas, including cryptography, public key infrastructure, secure communication, authentication, and access control. The security component thus comprises a large set of APIs, tools, and implementations of commonly-used security algorithms and protocols.

As security concepts such as permissions are tightly interwoven throughout the entire Java source code, these component pages do not address issues in the other primary component areas (language features and virtual machine implementations, core libraries, graphics subsystems, hotspot, serviceability, etc). For a more detailed treatment, please see the corresponding component pages.

The primary emphasis of these pages is to explore the core security components source bases, and hopefully, get developers up to speed quickly.
1234567 ... 235
Topics (8224)
Replies Last Post Views
RFR: 8173827: Remove forRemoval=true from several deprecated security APIs by Sean Mullan
4
by Claes Redestad
RFR: 8145337: [JVMCI] JVMCI initialization with SecurityManager installed fails: java.security.AccessControlException: access denied by Doug Simon @ Oracle
19
by Alan Bateman
RFR(S): 8173763: Two security tests fail with message: "java.security.NoSuchAlgorithmException: EC KeyFactory not available" by Sergei Kovalev
1
by Sean Mullan
RFR: 8173581 : performance regression in com/sun/crypto/provider/OutputFeedback.java by Chuck Rasbold-2
7
by Valerie Peng
RFR(S): 8173478: SSL related tests failes with message: "java.security.NoSuchAlgorithmException: EC KeyFactory not available" by Sergei Kovalev
1
by Xuelei Fan-2
Review: release note for JDK-8015081 by Jamil Nimeh
1
by Sean Mullan
RFR[9] 8062731: Cipher object can be created without calling Cipher.getInstance by Valerie Peng
2
by Valerie Peng
RFR 8168075: Custom system class loader + security manager + malformed policy file = recursive initialization by Adam Petcher
20
by Adam Petcher
Review Request JDK-8172808: Handle sun.security.util.Resources bundle in ResourcesMgr in the same way as AuthResources by Mandy Chung
2
by Sean Mullan
Code Review Request, JDK-8172869 4096 is not supported yet for the DH Parameter Generator by Xuelei Fan-2
3
by Sean Mullan
RFR[9] JDK-8171900: javax/net/ssl/SSLSession/SessionTimeOutTests.java failed with "SSLHandshakeException: Remote host terminated the handshake" by sha.jiang
1
by Xuelei Fan-2
Review Request: JDK-8173024 Replace direct use of AuthResources resource bundle from jdk.security.auth by Mandy Chung
8
by Mandy Chung
RFR 8172527: Rename jdk.crypto.token to jdk.crypto.cryptoki by Anthony Scarpino
4
by Mandy Chung
RFR 8172975: SecurityTools.keytool() needs to accept user input by Weijun Wang
8
by Weijun Wang
Code Review Request, JDK-8173066 More verbose debug output for selection of X509 certs by Xuelei Fan-2
1
by Seán Coffey
RFR: 8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default by Sean Mullan
3
by Mandy Chung
RFR 8172422: jarsigner needs to understand -? by Weijun Wang
6
by Sean Mullan
RFR: 8037325: Class.getConstructor() performance regression by Claes Redestad
3
by Mandy Chung
Feedback on SSLEngine.setHandshakeApplicationProtocolSelector() by Simone Bordet
2
by Vincent Ryan
RFR[9] JDK-8167146: sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java failed with "Remote host terminated the handshake" by sha.jiang
2
by Xuelei Fan-2
Asking for a name change in sun.security.provider.certpath.BasicChecker by Weijun Wang
1
by Sean Mullan
RFR: 8037325: Class.getConstructor() performance regression by Christoph Dreis
1
by Claes Redestad
RFR 8172422: jarsigner needs to understand -? by Weijun Wang
1
by Sean Mullan
Is it possible to find out the key size of the signer if we only have the signature by Weijun Wang
2
by Michael StJohns
RFR 8171423: Relocate /test/lib/security/SecurityTools.java by Amanda Jiang
2
by Weijun Wang
RFR: release note for JDK-7004967 SecureRandom should be more explicit about threading by Weijun Wang
1
by Sean Mullan
Code Review Request JDK-8172273, SSLEngine.unwrap fails with ArrayIndexOutOfBoundsException by Xuelei Fan-2
1
by Brad R. Wetmore
Code Review Request JDK-8129988 JSSE should create a single instance of the cacerts KeyStore by Xuelei Fan-2
12
by Sean Mullan
RE: [8u] RFA for backport of JDK-8157665: ProblemList.txt needs to be updated as 7041639 closed by Nikita Jain
1
by Seán Coffey
Code Review Request JDK-8172217, Need debug log for the intermittent failure of AnonCipherWithWantClientAuth by Xuelei Fan-2
4
by Brad R. Wetmore
TLS-PSK status ? by Simone Bordet
3
by Xuelei Fan-2
RFR 8170732: GssKrb5Client sends non-zero buffer size when qop is "auth" by Weijun Wang
2
by Xuelei Fan-2
RFR 8172003: getInstance() with unknown provider throws NPE by Adam Petcher
1
by Sean Mullan
RFR 8172017: Two tests sun/security/krb5/auto/ReplayCacheTestProc.java and rcache_usemd5.sh fail on Solaris (Additional pre-authentication required) by Weijun Wang
2
by Sean Mullan
RFR 8157389: Release Note: New default -sigalg for jarsigner and keytool by Weijun Wang
4
by Sean Mullan
1234567 ... 235