OpenJDK Security Development

This forum is an archive for the mailing list security-dev@openjdk.java.net (more options) Messages posted here will be sent to this mailing list.
The term "Security" has broad meanings and interpretations. It spans a wide range of areas, including cryptography, public key infrastructure, secure communication, authentication, and access control. The security component thus comprises a large set of APIs, tools, and implementations of commonly-used security algorithms and protocols.

As security concepts such as permissions are tightly interwoven throughout the entire Java source code, these component pages do not address issues in the other primary component areas (language features and virtual machine implementations, core libraries, graphics subsystems, hotspot, serviceability, etc). For a more detailed treatment, please see the corresponding component pages.

The primary emphasis of these pages is to explore the core security components source bases, and hopefully, get developers up to speed quickly.
123456 ... 240
Topics (8382)
Replies Last Post Views
Dropping the security manager (was Re: Eliminating the security overhead when not running with a security manager) by Jason Tedor
1
by Alan Bateman
[10] RFR 8068024 : Null pointer dereference in jdk/src/macosx/native/apple/security/KeystoreImpl.m by Ivan Gerasimov
2
by Ivan Gerasimov
New JEP Draft: "Open-Source the Root Certificates" by Sean Mullan
2
by dalibor topic-2
[11] RFR JDK-8146293: Add Support for RSA-PSS Signature Algorithm as in PKCS#1 v2.2 by Valerie Peng
0
by Valerie Peng
RFR [10]: JDK-8182484: Remove 1024-bit default requirement from javadoc of java.security.interfaces.DSAKeyPairGenerator by Valerie Peng
5
by Valerie Peng
Eliminating the security overhead when not running with a security manager by Alan Bateman
6
by David Lloyd-2
Fwd: [JCP]JSR-383(Java SE 18.3) Public review - JEP 116:Extended Validation SSL Certificates by Brian Goetz-2
0
by Brian Goetz-2
RFR - 8189646: sun/security/ssl/SSLSocketImpl/SSLSocketCloseHang.java failed with "java.net.SocketTimeoutException: Read timed out" by Rob McKenna
1
by Seán Coffey
Draft design for Key Derivation API by Jamil Nimeh
9
by Adam Petcher
JDK-8180819 No installed provider supports this key: sun.security.pkcs.PKCS8Key by Florian Bruckner (3k...
1
by Adam Petcher
java.net.ConnectException: Received fatal alert: unexpected_message by Sean Dawson
4
by Sean Dawson
RFR 8191137: keytool fails to format resource strings for keys for some languages after JDK-8171319 by Weijun Wang
5
by Sean Mullan
RFR: 8175091: Mark the deprecated java.security.{Certificate,Identity,IdentityScope,Signer} APIs with forRemoval=true by Sean Mullan
1
by Weijun Wang
java.security still talks about "limited" as default by Bernd Eckenfels-4
1
by Bradford Wetmore
RFR: 8175094: Mark the deprecated java.security.acl APIs with forRemoval=true by Sean Mullan
0
by Sean Mullan
How to escape "/" in a distinguished name in a LDAP URI? by Weijun Wang
1
by Rob McKenna
[8u-dev] RFR 8190690: Impact on krb5 test cases in the 8u-CPU nightly by Weijun Wang
1
by Seán Coffey
8190917: SSL session resumption broken for protocols other than TLSv1.2 by Jaikiran Pai
4
by Jaikiran Pai
Tomcat, SPNEGO, Kerberos against two Active Directory services by Andreas Røsdal
1
by Weijun Wang
Code Review Request: JDK-8148421 (Extended Master Secret TLS extension) by Martin Balao
4
by Martin Balao
RFR[10] JDK-8190335: Backout changeset for JDK-8176354 due to JDK-8190333 by sha.jiang
1
by Artem Smotrakov
RFR 8159535: Mark deprecated javax.security.auth.Policy API with forRemoval=true by Weijun Wang
4
by Sean Mullan
RFR 8180289: jarsigner treats timestamped signed jar invalid after the signer cert expires by Weijun Wang
2
by Weijun Wang
Code Review Request: JDK-6491070 (Support for RFC 5929-Channel Bindings) by Martin Balao
10
by Martin Balao
RFR 8189657: LineBrokenMultiByteCharacter.java fails on some systems that does not accept a non-ASCII char in Path by Weijun Wang
1
by Weijun Wang
AW: Arithmetic error in SunEC by Tobias Wagner
1
by Michael StJohns
RFR[10] JDK-8189603: ProblemList sun/security/pkcs11/KeyStore/SecretKeysBasic.sh on Linux platform by sha.jiang
1
by Xuelei Fan-2
Arithmetic error in SunEC by Tobias Wagner
1
by Adam Petcher
RFR 6913047: SunPKCS11 memory leak by Martin Balao
2
by Martin Balao
Manifest Related Bugs JDK-6372077, JDK-6202130, JDK-8176843, JDK-4842483, JDK-6443578, JDK-6910466, JDK-4935610, and JDK-4271239 by Philipp Kunz
1
by Magnus Ihse Bursie
Trouble with SPNEGO by tom
2
by tom
Request for Review: Attributes.map generic types by Philipp Kunz
0
by Philipp Kunz
enable TLS_RSA_WITH_AES_256_CBC_SHA256 in openJDK(build 1.8.0_121-b13) by Su, Scott Di
2
by Seán Coffey
Do we need an unsigned multiplyHigh? by Andrew Haley
7
by John Rose-3
Re: hello, im a new contributor by Vincent Ryan
18
by Weijun Wang
123456 ... 240