-
Enhancement
-
Resolution: Unresolved
-
P4
-
None
-
None
The algorithm constraints are support in PKIX key manager, however SunX509 key manager does not support it yet. As SunX09 is the default key manager, for default safe, we may want to make more evaluation whether it is possible to support algorithm constraints in SunX509 key manager, too.
If a key manager does not supported algorithm constraints, there may be interop issue because one side cannot select the right cert while the other cert will reject weak cert because of algorithm constraints.
If a key manager does not supported algorithm constraints, there may be interop issue because one side cannot select the right cert while the other cert will reject weak cert because of algorithm constraints.
- relates to
-
JDK-8353113 Peer supported certificate signature algorithms are not being checked with default SunX509 key manager
-
- In Progress
-
-
JDK-8272875 Change the default key manager to PKIX
-
- In Progress
-
- links to
-
Review(master) openjdk/jdk/25016