-
Type:
Sub-task
-
Resolution: Delivered
-
Priority:
P4
-
Affects Version/s: 6u141, 7u131, 8u121, 9
-
Component/s: security-libs
-
Verified
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8174753 | 7u131 | Clifford Wayne | P4 | Closed | Delivered | |
| JDK-8174752 | 6u141 | Clifford Wayne | P4 | Closed | Delivered |
'**New certpath constraint: jdkCA**
In the `java.security` file, an additional constraint named "jdkCA" is added to the `jdk.certpath.disabledAlgorithms` property. This constraint prohibits the specified algorithm only if the algorithm is used in a certificate chain that terminates at a marked trust anchor in the lib/security/cacerts keystore. If the jdkCA constraint is not set, then all chains using the specified algorithm are restricted. jdkCA may only be used once in a DisabledAlgorithm expression.
Example: To apply this constraint to SHA-1 certificates, include
the following: ```SHA1 jdkCA```
In the `java.security` file, an additional constraint named "jdkCA" is added to the `jdk.certpath.disabledAlgorithms` property. This constraint prohibits the specified algorithm only if the algorithm is used in a certificate chain that terminates at a marked trust anchor in the lib/security/cacerts keystore. If the jdkCA constraint is not set, then all chains using the specified algorithm are restricted. jdkCA may only be used once in a DisabledAlgorithm expression.
Example: To apply this constraint to SHA-1 certificates, include
the following: ```SHA1 jdkCA```
- backported by
-
-
- Closed
-
-
-
- Closed
-