Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8153005 Upgrade the default PKCS12 encryption/MAC algorithms
  3. JDK-8242069

Release Note: Upgraded the Default PKCS12 Encryption and MAC Algorithms

    XMLWordPrintable

Details

    • Sub-task
    • Status: Closed
    • P4
    • Resolution: Delivered
    • 7u311, 8u301, 11.0.12-oracle, 16
    • 16
    • security-libs

    Backports

      Description

        The default encryption and MAC algorithms used in a PKCS #12 keystore have been updated. The new algorithms are based on AES-256 and SHA-256 and are stronger than the old algorithms that were based on RC2, DESede, and SHA-1. See the security properties starting with `keystore.pkcs12` in the `java.security` file for detailed information.

        For compatibility, a new system property named `keystore.pkcs12.legacy` is defined that will revert the algorithms to use the older, weaker algorithms. There is no value defined for this property.

        Attachments

          Issue Links

            backported by

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8267168 Release Note: Upgraded the Default PKCS12 Encryption and MAC Algorithms

            • P4 - Minor loss of function, or other problem where easy workaround is present.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8267169 Release Note: Upgraded the Default PKCS12 Encryption and MAC Algorithms

            • P4 - Minor loss of function, or other problem where easy workaround is present.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8267264 Release Note: Upgraded the Default PKCS12 Encryption and MAC Algorithms

            • P4 - Minor loss of function, or other problem where easy workaround is present.
            • Resolved
            relates to

            Bug - A problem which impairs or prevents the functions of the product. JDK-8271369 Regression: keytool and java.security.KeyStore create invalid MAC in PKCS12

            • P2 - Crashes, loss of data, severe memory leak.
            • Closed

            Activity

              People

                weijun Weijun Wang
                weijun Weijun Wang
                Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: