Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8237219 Disable native SunEC implementation by default
  3. JDK-8241386

Release Note: Disable Native SunEC Implementation by Default

XMLWordPrintable

      The SunEC crypto provider no longer advertises curves that are not implemented by using modern formulas and techniques. Arbitrary and named curves, listed at the bottom of this note, are disabled. Commonly used named curves, secp256r1, secp384r1, secp521r1, x25519, and x448, remain supported and enabled by SunEC because they use modern techniques. Applications that still require the disabled curves from the SunEC provider can re-enable them by setting the System property `jdk.sunec.disableNative` to `false`. For example: `java -Djdk.sunec.disableNative=false ...`.
      If this property is set to any other value, the curves will remain disabled. Exceptions thrown when the curves are disabled will contain the message `Legacy SunEC curve disabled`, followed by the name of the curve. Methods affected by the change are `KeyPair.generateKeyPair()`, `KeyAgreement.generateSecret()`, `Signature.verify()`, and `Signature.sign()`. These methods throw the same exception class they had before when the curve was not supported.

      The following curves are disabled: secp112r1, secp112r2, secp128r1, secp128r2, secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, secp224r1, secp256k1, sect113r1, sect113r2, sect131r1, sect131r2, sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, X9.62 c2tnb191v1, X9.62 c2tnb191v2, X9.62 c2tnb191v3, X9.62 c2tnb239v1, X9.62 c2tnb239v2, X9.62 c2tnb239v3, X9.62 c2tnb359v1, X9.62 c2tnb431r1, X9.62 prime192v2, X9.62 prime192v3, X9.62 prime239v1, X9.62 prime239v2, X9.62 prime239v3, brainpoolP256r1 brainpoolP320r1, brainpoolP384r1, brainpoolP512r1

            ascarpino Anthony Scarpino
            ascarpino Anthony Scarpino
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: