https://issues.apache.org/bugzilla/show_bug.cgi?id=53785
Mark Thomas <ma...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |WONTFIX
--- Comment #2 from Mark Thomas <ma...@apache.org> ---
Tomcat supports the use of any MessageDigest provided by the JRE. Additional
algorithms may be supported by adding 3rd party security providers to the JRE.
FYI:
- as far as the Sun JRE is concerned, SHA is an alias for SHA-1.
- the MessageDigests supported by the latest Sun JDKs for Java 5 to Java 7 are:
MD2, MD5, SHA-1, SHA-256, SHA-384, SHA-512
One open source provider is BouncyCastle. It certainly provides additional
digests although I haven't investigated how secure they are.
I do not see the point in adding bloat to Tomcat to provide a feature that the
JRE already provides.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
