Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8233228

Disable weak named curves by default in TLS, CertPath, and Signed JAR

    XMLWordPrintable

Details

    Backports

      Description

        There is a need to disable crypto operations by named curves to the disabledAlgorithms property. This requires deeper checks into the EC classes than previously supported. With over 50 named curves available, adding individual named curves to each disabledAlgorithms properties is a messy situation and needs a cleaner solution.

        Adding support to the named curves is straight forward to implement; however, with many named curves, the disabledAlgorithm properties will overwhelm with named curves. To relieve this, a new security property, jdk.disabled.namedCurves, is implemented that can list the named curves common to all the disabledAlgorithm properties. To use the new property in the disabledAlgorithm properties, the full property name is used as an entry. Users can still add individual named curves to disabledAlgorithms properties separate from this new property..

        Attachments

          Issue Links

            backported by

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8236219 Disable weak named curves by default in TLS, CertPath, and Signed JAR

            • P2 - Crashes, loss of data, severe memory leak.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8246649 Disable weak named curves by default in TLS, CertPath, and Signed JAR

            • P2 - Crashes, loss of data, severe memory leak.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8251653 Disable weak named curves by default in TLS, CertPath, and Signed JAR

            • P2 - Crashes, loss of data, severe memory leak.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8257582 Disable weak named curves by default in TLS, CertPath, and Signed JAR

            • P2 - Crashes, loss of data, severe memory leak.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8259484 Disable weak named curves by default in TLS, CertPath, and Signed JAR

            • P2 - Crashes, loss of data, severe memory leak.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8263373 Disable weak named curves by default in TLS, CertPath, and Signed JAR

            • P2 - Crashes, loss of data, severe memory leak.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8238051 Disable weak named curves by default in TLS, CertPath, and Signed JAR

            • P2 - Crashes, loss of data, severe memory leak.
            • Closed

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8238052 Disable weak named curves by default in TLS, CertPath, and Signed JAR

            • P2 - Crashes, loss of data, severe memory leak.
            • Closed

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8238182 Disable weak named curves by default in TLS, CertPath, and Signed JAR

            • P2 - Crashes, loss of data, severe memory leak.
            • Closed

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8257160 Disable weak named curves by default in TLS, CertPath, and Signed JAR

            • P2 - Crashes, loss of data, severe memory leak.
            • Closed
            csr for

            CSR - null JDK-8235540 Disable weak named curves by default in TLS, CertPath, and Signed JAR

            • P2 - Crashes, loss of data, severe memory leak.
            • Closed
            relates to

            Bug - A problem which impairs or prevents the functions of the product. JDK-8226374 Restrict TLS signature schemes and named groups

            • P3 - Major loss of function.
            • Resolved

            Enhancement - null JDK-8235710 Remove the legacy elliptic curves

            • P3 - Major loss of function.
            • Resolved

            Enhancement - null JDK-8248745 Add jarsigner and keytool tests for restricted algorithms

            • P3 - Major loss of function.
            • Resolved

            Bug - A problem which impairs or prevents the functions of the product. JDK-8233227 Update TLS disabledAlgorithms curve syntax

            • P2 - Crashes, loss of data, severe memory leak.
            • Resolved

            Enhancement - null JDK-8246330 Add TLS Tests for Legacy ECDSA curves

            • P3 - Major loss of function.
            • Resolved
            links to

            Commit Commit openjdk/jdk13u-dev/b452c821

            Review Review openjdk/jdk13u-dev/32

            Activity

              People

                ascarpino Anthony Scarpino
                ascarpino Anthony Scarpino
                Votes:
                0 Vote for this issue
                Watchers:
                9 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: