8281561: Disable http DIGEST mechanism with MD5 and SHA-1 by default

Reviewed-by: weijun, dfuchs
Michael McMahon 2022-03-28 13:51:55 +00:00
parent 0c472c8a4f
commit 7f2a3ca289
14 changed files with 571 additions and 95 deletions

@ -224,6 +224,14 @@ of proxies.</P>
property is defined, then its value will be used as the domain
name.</P>
</OL>
<LI><P><B>{@systemProperty http.auth.digest.reEnabledAlgorithms}</B> (default: &lt;none&gt;)<BR>
By default, certain message digest algorithms are disabled for use in HTTP Digest
authentication due to their proven security limitations. This only applies to proxy
authentication and plain-text HTTP server authentication. Disabled algorithms are still
usable for HTTPS server authentication. The default list of disabled algorithms is specified
in the {@code java.security} properties file and currently comprises {@code MD5} and
{@code SHA-1}. If it is still required to use one of these algorithms, then they can be
re-enabled by setting this property to a comma separated list of the algorithm names.</P>
<LI><P><B>{@systemProperty jdk.https.negotiate.cbt}</B> (default: &lt;never&gt;)<BR>
This controls the generation and sending of TLS channel binding tokens (CBT) when Kerberos
or the Negotiate authentication scheme using Kerberos are employed over HTTPS with
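
Review bot: The added http.auth.digest.reEnabledAlgorithms entry points readers to "the java.security properties file" for the default disabled list without naming the security property that holds it, so an administrator auditing a deployment has nothing to search for; name that property in this paragraph. The paragraph should also state what happens when a proxy or plain-text HTTP server offers only a disabled algorithm, and whether the names in the comma separated list are matched case-insensitively and with surrounding whitespace ignored. Minor wording: "This only applies to proxy authentication ..." would be clearer as "This restriction only applies to ...", and "one of these algorithms, then they can be re-enabled" mixes singular and plural.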