  1. JDK
  2. JDK-8233228

Disable weak named curves by default in TLS, CertPath, and Signed JAR


      Description

        There is a need to disable crypto operations by named curve through the disabledAlgorithms properties. This requires deeper checks into the EC classes than previously supported. With over 50 named curves available, adding individual named curves to each disabledAlgorithms property is messy and needs a cleaner solution.

        Adding support for named curves is straightforward to implement; however, with so many named curves, the disabledAlgorithms properties would be overwhelmed with curve names. To relieve this, a new security property, jdk.disabled.namedCurves, is implemented that lists the named curves common to all the disabledAlgorithms properties. To use the new property in a disabledAlgorithms property, the full property name is used as an entry. Users can still add individual named curves to disabledAlgorithms properties separately from this new property.
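
One way to check, on a given JDK, whether each disabledAlgorithms property actually picks up the shared curve list described above. This is an added example, not code from the JDK change itself. It assumes the three standard property names for TLS, CertPath and Signed JAR, and it accepts the reference either as a bare property name or in the `include jdk.disabled.namedCurves` form found in shipped java.security files; the class and method names are hypothetical.

```java
import java.security.Security;
import java.util.ArrayList;
import java.util.List;

public class DisabledCurvesAudit {
    // Shared curve list described in this issue.
    static final String SHARED = "jdk.disabled.namedCurves";
    // Standard JDK properties for the three areas in the issue title (assumed names).
    static final String[] POLICIES = {
        "jdk.tls.disabledAlgorithms",
        "jdk.certpath.disabledAlgorithms",
        "jdk.jar.disabledAlgorithms"
    };

    // Split a comma-separated property value into trimmed, non-empty entries.
    static List<String> entries(String value) {
        List<String> out = new ArrayList<>();
        if (value == null) return out;   // property not defined in this JDK
        for (String e : value.split(",")) {
            if (!e.trim().isEmpty()) out.add(e.trim());
        }
        return out;
    }

    // True if an entry names the shared list, bare or as "include <property>".
    static boolean referencesShared(String entry) {
        String e = entry;
        if (e.regionMatches(true, 0, "include ", 0, 8)) e = e.substring(8).trim();
        return e.equalsIgnoreCase(SHARED);
    }

    public static void main(String[] args) {
        // Effective values, including any override file applied at startup.
        List<String> curves = entries(Security.getProperty(SHARED));
        System.out.println(SHARED + " lists " + curves.size() + " curve(s): " + curves);
        for (String policy : POLICIES) {
            boolean linked = false;
            for (String e : entries(Security.getProperty(policy))) {
                if (referencesShared(e)) linked = true;
            }
            String verdict = linked ? "inherits the shared curve list"
                    : "does NOT reference " + SHARED;
            System.out.println(policy + ": " + verdict);
        }
    }
}
```

A property reported as not referencing the shared list may still disable curves that are listed in it individually, so read that result as a prompt to inspect the property value.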


              People

                ascarpino Anthony Scarpino