Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: P2
Fix Version/s: 12
Affects Version/s: 7u221, 8u211, 11.0.3-oracle, 12, 13
Component/s: security-libs
Labels:

Subcomponent:
java.security
Resolved In Build:
b29
Verification:
Verified

Issue	Fix Version	Assignee	Priority	Status	Resolution	Resolved In Build
JDK-8217574	13	Sean Mullan	P2	Resolved	Fixed	b05
JDK-8217560	12.0.1	Sean Mullan	P2	Resolved	Fixed	b04
JDK-8217724	11.0.4-oracle	Sean Mullan	P2	Resolved	Fixed	b01
JDK-8217523	11.0.3-oracle	Sean Coffey	P2	Closed	Fixed	master
JDK-8219452	11.0.3	Sean Mullan	P2	Closed	Fixed	master
JDK-8219963	openjdk8u212	Sean Mullan	P2	Resolved	Fixed	master
JDK-8218256	8u222	Sean Coffey	P2	Resolved	Fixed	master
JDK-8217787	8u221	Sean Coffey	P2	Resolved	Fixed	b01
JDK-8217988	8u212	Sean Coffey	P2	Resolved	Fixed	b04
JDK-8217524	8u211	Sean Coffey	P2	Closed	Fixed	b04
JDK-8224353	emb-8u221	Sean Coffey	P2	Resolved	Fixed	master
JDK-8221037	emb-8u211	Sean Coffey	P2	Resolved	Fixed	b04
JDK-8217788	7u231	Sean Coffey	P2	Resolved	Fixed	b01
JDK-8217525	7u221	Sean Coffey	P2	Closed	Fixed	b03
JDK-8222657	openjdk7u	Andrew Hughes	P2	Resolved	Fixed	master

The JDK will stop trusting TLS Server certificates by Symantec, in line with similar plans recently announced by Google, Mozilla, Apple, and Microsoft. The list of affected certificates includes certificates branded as GeoTrust, Thawte, and VeriSign, which were managed by Symantec. Any TLS Server certificate issued after April 16, 2019 will be restricted. This change has already been implemented and is in JDK 12 (see ~~JDK-8207258~~).

Apple has requested more time to transition their users off of the legacy Symantec Root CAs that will be distrusted for TLS Server certificates. They are working with DigiCert on a transition plan and have requested a later distrust date: December 31, 2019. This later distrust date would only apply to TLS Server certificates issued from two Apple subordinate CAs: "Apple IST CA 2 - G1" and "Apple IST CA 8 - G1". Any certificate issued after that date will be distrusted. Other vendors such as Mozilla have granted similar exemptions to these Apple subCAs.

backported by

JDK-8217560 Allow later Symantec Policy distrust date for two Apple SubCAs

Resolved

JDK-8217574 Allow later Symantec Policy distrust date for two Apple SubCAs

Resolved

JDK-8217724 Allow later Symantec Policy distrust date for two Apple SubCAs

Resolved

JDK-8217787 Allow later Symantec Policy distrust date for two Apple SubCAs

Resolved

JDK-8217788 Allow later Symantec Policy distrust date for two Apple SubCAs

Resolved

JDK-8217988 Allow later Symantec Policy distrust date for two Apple SubCAs

Resolved

JDK-8218256 Allow later Symantec Policy distrust date for two Apple SubCAs

Resolved

JDK-8219963 Allow later Symantec Policy distrust date for two Apple SubCAs

Resolved

JDK-8221037 Allow later Symantec Policy distrust date for two Apple SubCAs

Resolved

JDK-8222657 Allow later Symantec Policy distrust date for two Apple SubCAs

Resolved

JDK-8224353 Allow later Symantec Policy distrust date for two Apple SubCAs

Resolved

JDK-8217523 Allow later Symantec Policy distrust date for two Apple SubCAs

Closed

JDK-8217524 Allow later Symantec Policy distrust date for two Apple SubCAs

Closed

JDK-8217525 Allow later Symantec Policy distrust date for two Apple SubCAs

Closed

JDK-8219452 Allow later Symantec Policy distrust date for two Apple SubCAs

Closed

relates to

JDK-8207258 Distrust TLS server certificates anchored by Symantec Root CAs

Resolved

JDK-8207258 Distrust TLS server certificates anchored by Symantec Root CAs

Resolved

(10 backported by, 2 relates to)

Assignee:: Sean Mullan

Reporter:: Sean Mullan

Votes:: 0 Vote for this issue

Watchers:: 8 Start watching this issue

Due:: 2019-01-23

Created:: 2019-01-07 09:10

Updated:: 2019-09-04 02:34

Resolved:: 2019-01-22 06:30

Details

Backports

Description

Attachments

Issue Links

Activity

People

Dates