-
Bug
-
Resolution: Fixed
-
P4
-
15
-
b20
-
b24
-
Verified
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8249161 | 11.0.9-oracle | Sean Coffey | P4 | Resolved | Fixed | b02 |
JDK-8249762 | 11.0.9 | Haimay Chao | P4 | Resolved | Fixed | b01 |
JDK-8249679 | 8u271 | Sean Coffey | P4 | Resolved | Fixed | b02 |
JDK-8251767 | emb-8u271 | Haimay Chao | P4 | Resolved | Fixed | team |
JDK-8249775 | 7u281 | Haimay Chao | P4 | Resolved | Fixed | b02 |
1. Signed a jar with options "-digestalg SHA-1" and "-tsadigestalg SHA-1", the output contained the blow lines,
...
jar signed.
Warning:
The SHA-1 algorithm specified for the -digestalg option is considered a security risk. This algorithm will be disabled in a future update.
The SHA-1 algorithm specified for the -tsadigestalg option is considered a security risk. This algorithm will be disabled in a future update.
...
2. Verified the signed jar, two duplicate warnings were raised about SHA-1, like the below,
...
jar verified.
Warning:
The SHA-1 digest algorithm is considered a security risk. This algorithm will be disabled in a future update.
The SHA-1 digest algorithm is considered a security risk. This algorithm will be disabled in a future update.
...
...
jar signed.
Warning:
The SHA-1 algorithm specified for the -digestalg option is considered a security risk. This algorithm will be disabled in a future update.
The SHA-1 algorithm specified for the -tsadigestalg option is considered a security risk. This algorithm will be disabled in a future update.
...
2. Verified the signed jar, two duplicate warnings were raised about SHA-1, like the below,
...
jar verified.
Warning:
The SHA-1 digest algorithm is considered a security risk. This algorithm will be disabled in a future update.
The SHA-1 digest algorithm is considered a security risk. This algorithm will be disabled in a future update.
...
- backported by
-
JDK-8249161 jarsigner should not raise duplicate warnings on verification
- Resolved
-
JDK-8249679 jarsigner should not raise duplicate warnings on verification
- Resolved
-
JDK-8249762 jarsigner should not raise duplicate warnings on verification
- Resolved
-
JDK-8249775 jarsigner should not raise duplicate warnings on verification
- Resolved
-
JDK-8251767 jarsigner should not raise duplicate warnings on verification
- Resolved
- relates to
-
JDK-8172404 Tools should warn if weak algorithms are used before restricting them
- Resolved
(1 relates to)