Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8172404

Tools should warn if weak algorithms are used before restricting them

    XMLWordPrintable

Details

    Backports

      Description

        It would be useful to also start warning users that SHA-1 and 1024-bit RSA/DSA certificates are a security risk *before* we actually start disabling them.

        We add a new jdk.security.legacyAlgorithms security property to the java.security property file. keytool and jarsigner tools will be enhanced to enforce the new property and to print out informational warnings when the legacy algorithms are used. This enables users to plan transitioning away from them. This would also allow a user to edit these properties independently so that you could still get warnings from tools even if the runtime allowed the algorithm.

        Attachments

          Issue Links

            Activity

              People

                hchao Haimay Chao
                weijun Weijun Wang
                Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: