Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8153005 Upgrade the default PKCS12 encryption/MAC algorithms
  3. JDK-8242069

Release Note: Upgraded the Default PKCS12 Encryption and MAC Algorithms

    XMLWordPrintable

Details

    • Sub-task
    • Status: Closed
    • P4
    • Resolution: Delivered
    • 7u311, 8u301, 11.0.12-oracle, 16
    • 16
    • security-libs

    Backports

      Description

        The default encryption and MAC algorithms used in a PKCS #12 keystore have been updated. The new algorithms are based on AES-256 and SHA-256 and are stronger than the old algorithms that were based on RC2, DESede, and SHA-1. See the security properties starting with `keystore.pkcs12` in the `java.security` file for detailed information.

        For compatibility, a new system property named `keystore.pkcs12.legacy` is defined that will revert the algorithms to use the older, weaker algorithms. There is no value defined for this property.

        Attachments

          Issue Links

            Activity

              People

                weijun Weijun Wang
                weijun Weijun Wang
                Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: