[11u] RFR: 8233228: Disable weak named curves by default in TLS, CertPath, and Signed JAR

Andrew Haley aph at redhat.com
Wed Jun 3 08:29:46 UTC 2020

On 02/06/2020 16:59, Lindenmaier, Goetz wrote:
> http://cr.openjdk.java.net/~goetz/wr20/8233228-disable_weak_curves-jdk11/01/
> Please review.

Looks good.

My God, what a mess elliptic-curve cryptography can be when used in
the real world! [1]  It makes me yearn for the good old simplicity of
RSA, and reminds us all how easy it is to be tempted by the call of
"efficient" public-key cryptography.

[1] http://safecurves.cr.yp.to/

Andrew Haley  (he/him)
Java Platform Lead Engineer
Red Hat UK Ltd. <https://www.redhat.com>
EAC8 43EB D3EF DB98 CC77 2FAD A5CD 6035 332F A671

More information about the jdk-updates-dev mailing list