Quantcast

OpenJDK Security Development

This forum is an archive for the mailing list security-dev@openjdk.java.net (more options) Messages posted here will be sent to this mailing list.
The term "Security" has broad meanings and interpretations. It spans a wide range of areas, including cryptography, public key infrastructure, secure communication, authentication, and access control. The security component thus comprises a large set of APIs, tools, and implementations of commonly-used security algorithms and protocols.

As security concepts such as permissions are tightly interwoven throughout the entire Java source code, these component pages do not address issues in the other primary component areas (language features and virtual machine implementations, core libraries, graphics subsystems, hotspot, serviceability, etc). For a more detailed treatment, please see the corresponding component pages.

The primary emphasis of these pages is to explore the core security components source bases, and hopefully, get developers up to speed quickly.
12345 ... 234
Topics (8168)
Replies Last Post Views
[RFR] 8174849: Change SHA1 certpath restrictions by Anthony Scarpino
4
by Jim Manico
RFR 8174909: Doc error in SecureRandom by Weijun Wang
1
by Sean Mullan
JDK 9 RFR of JDK-8174887: Problem list javax/net/ssl/DTLS/RespondToRetransmit.java by Amy Lu-2
1
by Xuelei Fan-2
RFR: 8174837: Add "since=9" to deprecated ContentSigner and ContentSignerParameters classes by Sean Mullan
2
by Weijun Wang
RFR release notes for multiple enhancements: krb5, SASL, JAAS, policytool by Weijun Wang
8
by Sean Mullan
TlsRsaPremasterSecretParameterSpec by Gardiner Michael
3
by Seán Coffey
[9] RFR: 8168423: Test Task: Custom system class loader + security manager + malformed policy file = recursive initialization by Sibabrata Sahoo
6
by Sean Mullan
RFR 8174157: Backout 8151116 by Anthony Scarpino
1
by Sean Mullan
RFR: 8160655 Fix denyAfter and usage types for security properties by Anthony Scarpino
11
by Sean Mullan
RFR [9] 8173708: Re-enable AES cipher with CFB128 mode for Ucrypto provider by Valerie Peng
1
by Bradford Wetmore
RFR : 8173783: IllegalArgumentException: jdk.tls.namedGroups by Seán Coffey
4
by Seán Coffey
RFR 8173410: Add commented config line for jdk.security.provider.preferred by Anthony Scarpino
2
by Anthony Scarpino
[9] 8173956: KeyStore regression due to default keystore being changed to PKCS12 by Vincent Ryan
1
by Xuelei Fan-2
JDK 10 RFR of JDK-8173903: Update various tests to pass under JDK 10 by joe darcy
4
by David Holmes
RFR: 8173827: Remove forRemoval=true from several deprecated security APIs by Sean Mullan
4
by Claes Redestad
RFR: 8145337: [JVMCI] JVMCI initialization with SecurityManager installed fails: java.security.AccessControlException: access denied by Doug Simon @ Oracle
19
by Alan Bateman
RFR(S): 8173763: Two security tests fail with message: "java.security.NoSuchAlgorithmException: EC KeyFactory not available" by Sergei Kovalev
1
by Sean Mullan
RFR: 8173581 : performance regression in com/sun/crypto/provider/OutputFeedback.java by Chuck Rasbold-2
7
by Valerie Peng
RFR(S): 8173478: SSL related tests failes with message: "java.security.NoSuchAlgorithmException: EC KeyFactory not available" by Sergei Kovalev
1
by Xuelei Fan-2
Review: release note for JDK-8015081 by Jamil Nimeh
1
by Sean Mullan
RFR[9] 8062731: Cipher object can be created without calling Cipher.getInstance by Valerie Peng
2
by Valerie Peng
RFR 8168075: Custom system class loader + security manager + malformed policy file = recursive initialization by Adam Petcher
20
by Adam Petcher
Review Request JDK-8172808: Handle sun.security.util.Resources bundle in ResourcesMgr in the same way as AuthResources by Mandy Chung
2
by Sean Mullan
Code Review Request, JDK-8172869 4096 is not supported yet for the DH Parameter Generator by Xuelei Fan-2
3
by Sean Mullan
RFR[9] JDK-8171900: javax/net/ssl/SSLSession/SessionTimeOutTests.java failed with "SSLHandshakeException: Remote host terminated the handshake" by John Jiang
1
by Xuelei Fan-2
Review Request: JDK-8173024 Replace direct use of AuthResources resource bundle from jdk.security.auth by Mandy Chung
8
by Mandy Chung
RFR 8172527: Rename jdk.crypto.token to jdk.crypto.cryptoki by Anthony Scarpino
4
by Mandy Chung
RFR 8172975: SecurityTools.keytool() needs to accept user input by Weijun Wang
8
by Weijun Wang
Code Review Request, JDK-8173066 More verbose debug output for selection of X509 certs by Xuelei Fan-2
1
by Seán Coffey
RFR: 8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default by Sean Mullan
3
by Mandy Chung
RFR 8172422: jarsigner needs to understand -? by Weijun Wang
6
by Sean Mullan
RFR: 8037325: Class.getConstructor() performance regression by Claes Redestad
3
by Mandy Chung
Feedback on SSLEngine.setHandshakeApplicationProtocolSelector() by Simone Bordet
2
by Vincent Ryan
RFR[9] JDK-8167146: sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java failed with "Remote host terminated the handshake" by John Jiang
2
by Xuelei Fan-2
Asking for a name change in sun.security.provider.certpath.BasicChecker by Weijun Wang
1
by Sean Mullan
12345 ... 234