Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8172404

Tools should warn if weak algorithms are used before restricting them

    XMLWordPrintable

Details

    Backports

      Description

        It would be useful to also start warning users that SHA-1 and 1024-bit RSA/DSA certificates are a security risk *before* we actually start disabling them.

        We add a new jdk.security.legacyAlgorithms security property to the java.security property file. keytool and jarsigner tools will be enhanced to enforce the new property and to print out informational warnings when the legacy algorithms are used. This enables users to plan transitioning away from them. This would also allow a user to edit these properties independently so that you could still get warnings from tools even if the runtime allowed the algorithm.

        Attachments

          Issue Links

            backported by

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8243981 Tools should warn if weak algorithms are used before restricting them

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8243983 Tools should warn if weak algorithms are used before restricting them

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8243984 Tools should warn if weak algorithms are used before restricting them

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8246690 Tools should warn if weak algorithms are used before restricting them

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8251693 Tools should warn if weak algorithms are used before restricting them

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8257217 Tools should warn if weak algorithms are used before restricting them

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8258893 Tools should warn if weak algorithms are used before restricting them

            • P3 - Major loss of function.
            • Resolved
            csr for

            CSR - null JDK-8238640 Tools should warn if weak algorithms are used before restricting them

            • P3 - Major loss of function.
            • Closed
            relates to

            Bug - A problem which impairs or prevents the functions of the product. JDK-8243493 Tools shouldn't warn for weak algorithms in cacerts

            • P3 - Major loss of function.
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. JDK-8245151 jarsigner should not raise duplicate warnings on verification

            • P4 - Minor loss of function, or other problem where easy workaround is present.
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. JDK-8263817 java.util.MissingResourceException if add cert with GOST key in cacerts

            • P3 - Major loss of function.
            • Resolved

            Bug - A problem which impairs or prevents the functions of the product. JDK-8245665 Test WeakAlg.java should only make sure no warning for weak signature algorithms by keytool on root CA

            • P4 - Minor loss of function, or other problem where easy workaround is present.
            • Resolved

            Bug - A problem which impairs or prevents the functions of the product. JDK-8260286 Manual Test "ws/open/test/jdk/sun/security/tools/jarsigner/compatibility/Compatibility.java" fails

            • P4 - Minor loss of function, or other problem where easy workaround is present.
            • Resolved

            Bug - A problem which impairs or prevents the functions of the product. JDK-8255402 Warnings generated for JDK cacerts keystore

            • P3 - Major loss of function.
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. JDK-8240552 Update jarsigner and keytool man pages for the legacy algorithms

            • P4 - Minor loss of function, or other problem where easy workaround is present.
            • Closed

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8263664 Remove root certificates with 1024-bit keys

            • P3 - Major loss of function.
            • Resolved
            links to

            Commit Commit openjdk/jdk13u-dev/dd3d55e5

            Review Review openjdk/jdk13u-dev/237

            Activity

              People

                hchao Haimay Chao
                weijun Weijun Wang
                Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: