JDK-4699284

Current JSSE does not support CA certificates with RSA keys of 4096 bits


    • Type: Bug
    • Resolution: Duplicate
    • Priority: P5
    • None
    • 1.4.1
    • security-libs
    • None

      One customer reports on java-security.

      ===============
      Implementing DICOM (http://medical.nema.org/) over TLS using JSSE, we had to
      realize, that the current version does not accept CA Certificates with public
      RSA Keys of 4096 bit length.

      But CA Certificates with 4096 bit keys are already quite common - and will
      become the norm.

      So we need to know if and when JSSE will support the validation of
      Certificates with 4096 bit keys - encryption with 4096 bit keys may stay
      disabled, if that would violate US export requirements -, to decide if we can
      wait for it or if we have to look after alternative solutions.
      ===============

      This is really a limitation of the JSAFE used by the JSSE.
      We thought that later versions of Crypto-J (say 3.2.2) might
      support the 4096 keylength, but on Aug 1 Chok reported
      that RSA didn't know when they would be included. This
      is mainly a tracking bug in case we decide to remove
      JSAFE, we should see if it supports 4096.

      ###@###.### 2002-06-07

            wetmore Bradford Wetmore
            wetmore Bradford Wetmore