8281561: Disable http DIGEST mechanism with MD5 and SHA-1 by default
Reviewed-by: weijun, dfuchs
Michael-Mc-Mahon committed Mar 28, 2022
1 parent 0c472c8 commit 7f2a3ca
Showing 14 changed files with 571 additions and 95 deletions.
Expand Up @@ -224,6 +224,14 @@ <H2>Misc HTTP URL stream protocol handler properties</H2>
property is defined, then its value will be used as the domain
<LI><P><B>{@systemProperty http.auth.digest.reEnabledAlgorithms}</B> (default: &lt;none&gt;)<BR>
By default, certain message digest algorithms are disabled for use in HTTP Digest
authentication due to their proven security limitations. This only applies to proxy
authentication and plain-text HTTP server authentication. Disabled algorithms are still
usable for HTTPS server authentication. The default list of disabled algorithms is specified
in the {@code} properties file and currently comprises {@code MD5} and
{@code SHA-1}. If it is still required to use one of these algorithms, then they can be
re-enabled by setting this property to a comma separated list of the algorithm names.</P>
<LI><P><B>{@systemProperty jdk.https.negotiate.cbt}</B> (default: &lt;never&gt;)<BR>
This controls the generation and sending of TLS channel binding tokens (CBT) when Kerberos
or the Negotiate authentication scheme using Kerberos are employed over HTTPS with
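Review bot: In the sentence "The default list of disabled algorithms is specified in the {@code} properties file", the {@code} tag is empty as shown here, so the text does not say which properties file holds the default list, and it does not name the property inside that file either. Name both, so that an administrator can find and audit the default and not only the re-enable switch. The scope sentence "This only applies to proxy authentication and plain-text HTTP server authentication" should also say explicitly whether proxy authentication on an HTTPS connection is covered, since the next sentence exempts HTTPS server authentication. Finally, the last sentence should state the exact algorithm spellings accepted in the comma separated list (the text uses MD5 and SHA-1), and "one of these algorithms, then they can be re-enabled" mixes singular and plural.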

1 comment on commit 7f2a3ca
