OpenJDK Security Development

This forum is an archive for the mailing list security-dev@openjdk.java.net (more options) Messages posted here will be sent to this mailing list.
The term "Security" has broad meanings and interpretations. It spans a wide range of areas, including cryptography, public key infrastructure, secure communication, authentication, and access control. The security component thus comprises a large set of APIs, tools, and implementations of commonly-used security algorithms and protocols.

As security concepts such as permissions are tightly interwoven throughout the entire Java source code, these component pages do not address issues in the other primary component areas (language features and virtual machine implementations, core libraries, graphics subsystems, hotspot, serviceability, etc). For a more detailed treatment, please see the corresponding component pages.

The primary emphasis of these pages is to explore the core security components source bases, and hopefully, get developers up to speed quickly.
12345 ... 240
Topics (8382)
Replies Last Post Views
RFR JDK-8194257: javax/net/ssl/compatibility/Compatibility.java should be updated for JDK 6 after JDK-8174748 by sha.jiang
1
by Xuelei Fan-2
[10] RFR 8194666: ProblemList update for bugid associated with PreferredKey.java, ConcurrentHashMapTest and SSLSocketParametersTest.sh by Amy Lu-2
1
by Xuelei Fan-2
Bug in SunNativeProvider by Jan Kalina
5
by Valerie Peng
[PATCH]: Support for brainpool curves from CurveDB in SunEC by Tobias Wagner
1
by Adam Petcher
RFR JDK-8189760: sun/security/ssl/CertPathRestrictions/TLSRestrictions.java failed with unexpected Exception intermittently by sha.jiang
1
by Xuelei Fan-2
API review for X25519/X448 by Adam Petcher
2
by Adam Petcher
[8u-dev] Request to Review and for Approval to Backport 8192987 : keytool should remember real storetype if it is not provided by Ivan Gerasimov
2
by Seán Coffey
[11] CSR RFR 8193916: Remove deprecated javax.security.auth.Policy API by Weijun Wang
1
by Sean Mullan
JEP 324: Key Agreement with Curve25519 and Curve448 by mark.reinhold
2
by Adam Petcher
Need help with porting stuff out of classDepth by Fridrich Strba
1
by Alan Bateman
[PATCH]: Support for brainpool curves from CurveDB in SunEC by Tobias Wagner
3
by Adam Petcher
Java 1.3 and JSSE by Elango
2
by Thomas Lußnig-3
1st round RFR 8191438: jarsigner should print when a timestamp will expire by Weijun Wang
4
by Weijun Wang
[8u-dev] Request to Review and for Approval to Backport : 8193156: Need to backout fixes for JDK-8058547, JDK-8055753, JDK-8085903 by Ivan Gerasimov
3
by Ivan Gerasimov
RFR 8192988: keytool should support -storepasswd for pkcs12 keystores by Weijun Wang
2
by Weijun Wang
RFR 8165996: PKCS11 using NSS throws an error regarding secmod.db when NSS uses sqlite by Martin Balao
6
by Weijun Wang
Exploring an alternative AccessController implementation by David Lloyd-2
0
by David Lloyd-2
Permissions in default.policy and --patch-module by Weijun Wang
3
by Alan Bateman
RFR 8189131: Open-source the Oracle JDK Root Certificates by Rajan Halade
21
by Rajan Halade
RFR 8192987: keytool should remember real storetype if it is not provided by Weijun Wang
3
by Sean Mullan
RFR 8193156 : Need to backout fixes for JDK-8058547, JDK-8055753, JDK-8085903 by Ivan Gerasimov
2
by Ivan Gerasimov
Support for ECParameters with explicit (not named) parameter spec by Max Fichtelmann
5
by Bernd Eckenfels-4
[PATCH] JDK-8190917 : SSL session resumption, through handshake, in SSLEngine is broken for any protocols lesser than TLSv1.2 by Jaikiran Pai
4
by Jaikiran Pai
RFR: 8185855: Debug exception stacks should be clearer by Seán Coffey
4
by Seán Coffey
KeyStore.login pin validation for smartcard. by Jason Mehrens
4
by Anders Rundgren
RFR 8190674: sun/security/tools/jarsigner/TimestampCheck.java failed with java.nio.file.NoSuchFileException: ts2.cert by Weijun Wang
1
by Sean Mullan
[10] RFR : 8186628 : SSL session cache can cause a scalability bottleneck by Ivan Gerasimov
10
by Peter Levart
Tls 1.2 support info by rgamarra
4
by Seán Coffey
[10] XXS 8187985 : Broken certificate number in debug output by Ivan Gerasimov
2
by Ivan Gerasimov
[10] XXS 8187497 : Redundant variable assignment in Java_sun_security_jgss_wrapper_GSSLibStub_getMic by Ivan Gerasimov
1
by Bradford Wetmore
KDF specification (final) by Jamil Nimeh
0
by Jamil Nimeh
JEP 319: Root Certificates by mark.reinhold
0
by mark.reinhold
KDF API review, round 2 by Jamil Nimeh
26
by Xuelei Fan-2
RFR: 8186535: Remove deprecated pre-1.2 SecurityManager methods and fields by Sean Mullan
5
by Sean Mullan
RFR[10] 8186057: TLS interoperability testing between different Java versions by sha.jiang
15
by sha.jiang
12345 ... 240