- Enhancement
- Resolution: Won't Fix
- P3
- None
- b157

| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build | 
|---|---|---|---|---|---|---|
| JDK-8175715 | 10 | Anthony Scarpino | P3 | Resolved | Fixed | b02 | 

An ExtendedKeyUsageConstraint parameter should be added to allow the restrictions to apply to certificates based on their key usage. Here is a suggested syntax:

```
# ExtendedKeyUsageConstraint
# eku Usage(,Usage)*
#
# Usage
# any | serverAuth | clientAuth | codeSigning | emailProtection | timeStamping | OCSPSigning
```

This type of constraint is useful for phasing out algorithms and providing different restrictions on different types of certificates.

```
jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, SHA-1 notAfter 20170101 eku serverAuth, clientAuth, codeSigning
```


- backported by: JDK-8175715 Add extended key usage constraint to the jdk.certpath.disabledAlgorithms security property (Resolved)
- relates to: JDK-8174157 Backout 8151116 (Closed)