-
Sub-task
-
Resolution: Delivered
-
P4
-
7u311, 8u301, 11.0.12-oracle, 16
-
Verified
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8267264 | 11.0.12-oracle | Clifford Wayne | P4 | Resolved | Delivered | |
| JDK-8267169 | 8u301 | Clifford Wayne | P4 | Resolved | Delivered | |
| JDK-8267168 | 7u311 | Clifford Wayne | P4 | Resolved | Delivered |
The default encryption and MAC algorithms used in a PKCS #12 keystore have been updated. The new algorithms are based on AES-256 and SHA-256 and are stronger than the old algorithms that were based on RC2, DESede, and SHA-1. See the security properties starting with `keystore.pkcs12` in the `java.security` file for detailed information.
For compatibility, a new system property named `keystore.pkcs12.legacy` is defined that will revert the algorithms to use the older, weaker algorithms. There is no value defined for this property.
For compatibility, a new system property named `keystore.pkcs12.legacy` is defined that will revert the algorithms to use the older, weaker algorithms. There is no value defined for this property.
- backported by
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
- relates to
-
JDK-8271369 Regression: keytool and java.security.KeyStore create invalid MAC in PKCS12
-
- Closed
-