Loading...

XML

Word

Printable

Type: Enhancement
Resolution: Fixed
Priority: P2
Fix Version/s: 9
Affects Version/s: None
Component/s: security-libs
Labels:

Subcomponent:
java.security
Resolved In Build:
b117
Verification:
Verified

Issue	Fix Version	Assignee	Priority	Status	Resolution	Resolved In Build
JDK-8169144	8u152	Robert Mckenna	P2	Resolved	Fixed	b01
JDK-8167872	emb-8u121	Robert Mckenna	P2	Resolved	Fixed	b01
JDK-8175447	openjdk7u	Robert Mckenna	P2	Resolved	Fixed	master

We should provide a mechanism or option to distinguish certificates that chain to the default root CAs that are included in the cacerts file in the JRE from those that are added subsequently or otherwise not in the default set (e.g., private CAs used within an enterprise) when enforcing the algorithm restrictions in the jdk.certpath.disabledAlgorithms security property.

This allows certificates that are issued by private CAs to be treated differently with respect to algorithm restrictions. These CAs may not yet be compliant with standard recommendations on weak algorithms and/or may need more time to conform to the restrictions.

backported by

JDK-8167872 Add mechanism to allow non default root CAs to be not subject to algorithm restrictions

Resolved

JDK-8169144 Add mechanism to allow non default root CAs to be not subject to algorithm restrictions

Resolved

JDK-8175447 Add mechanism to allow non default root CAs to be not subject to algorithm restrictions

Resolved

blocks

JDK-8149555 JEP 288: Disable SHA-1 Certificates

Closed

JDK-8154568 Add algorithm constraint that specifies the restriction date

Closed

JDK-8154569 Add algorithm constraint that specifies the restriction date

Closed

JDK-8154570 Add algorithm constraint that specifies the restriction date

Closed

relates to

JDK-8153776 Implement jdkCA constraint

Resolved

JDK-8150455 Reduce synchronization in DisabledAlgorithmConstraints

Closed

JDK-8225099 Tagging jdkCA certs in pkcs12 keystore differently

Closed

JDK-8166362 [TEST_BUG] test sun/net/www/http/HttpClient/B8025710.java failing with cert error in 8u121 b01

Resolved

JDK-8165101 AnchorCertificates throws NPE when cacerts file not found

Closed

JDK-8170131 Certificates not being blocked by jdk.tls.disabledAlgorithms property

Closed

(2 blocks, 6 relates to)

Release Note: Add mechanism to allow non default root CAs to not be subject to algorithm restrictions

Closed

Anthony Scarpino

Assignee:: Anthony Scarpino

Reporter:: Sean Mullan

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Due:: 2016-04-30

Created:: 2015-10-23 13:12

Updated:: 2019-05-30 20:31

Resolved:: 2016-05-02 17:11

Details

Backports

Description

Attachments

Issue Links

Sub-Tasks

Activity

People

Dates