Fix Version/s: 14
Compatibility Risk Description:Although we are removing the requirements, SE implementations can still support these algorithms or a 3rd-party JCE provider that supports them can be used. We are not removing the JDK implementations of these algorithms at this time.
Interface Kind:Java API
Remove Java SE requirements to implement security algorithms based on DES or MD5.
To improve portability and interoperability, Java SE implementations are required to support a minimum set of cryptographic algorithms for various security APIs. It makes sense to periodically review these requirements and remove algorithms or modes that are known to be weak and of which usage has declined significantly, such as DES and MD5.
Remove Java SE requirements to implement security algorithms based on DES or MD5 from various security APIs. The relevant classes are:
These requirements will also be removed from the Security Algorithm Implementation Requirements section of the Java Security Standard Algorithm Names specification.
See attached webrev-01.zip.