JDK-8251547

Remove the legacy elliptic curves

    • CSR
    • Resolution: Approved
    • P3
    • 16
    • security-libs
    • None
    • low
    • The commonly used curves are supported in the Java implementation, and the others are not widely used or are obsolete. Users of the removed curves could need a 3rd party provider to continue using them.
    • System or security property, Other
    • JDK

      Summary

      Removal of support for obsolete elliptic curves, including the underlying native library libsunec.

      Problem

      Weaknesses in the implementation of the native library EC code make it necessary to remove support for future releases. The most common EC curves have already been re-implemented in Java in the SunEC JCE provider.

      Solution

      The final step in retiring the obsolete elliptic curves is their removal from the SunEC provider in future releases. This includes the removal of the native library and the now unnecessary jdk.sunec.disableNative system property in SunEC [1]. Support for these curves must be found via a 3rd party provider. SunEC will continue to support curves secp256r1, secp384r1, secp521r1, x25519, x448, ed25519, and ed448.

      Specification

      Removal of the following elliptic curves from the SunEC provider: secp112r1, secp112r2, secp128r1, secp128r2, secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, secp224r1, secp256k1, sect113r1, sect113r2, sect131r1, sect131r2, sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, X9.62 c2tnb191v1, X9.62 c2tnb191v2, X9.62 c2tnb191v3, X9.62 c2tnb239v1, X9.62 c2tnb239v2, X9.62 c2tnb239v3, X9.62 c2tnb359v1, X9.62 c2tnb431r1, X9.62 prime192v2, X9.62 prime192v3, X9.62 prime239v1, X9.62 prime239v2, X9.62 prime239v3, brainpoolP256r1, brainpoolP320r1, brainpoolP384r1, brainpoolP512r1

      A release note will state that support for these curves has been removed.

      Applications that use these curves via SunEC will receive an exception that the curve is not supported. This is consistent with the behavior for any unsupported curve, and with JDK 15, in which these curves are disabled by default.
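
      One way to check a given runtime for the behavior described above, as an added example that is not part of this CSR or the JDK sources: it asks the EC key pair generator of every installed provider to accept a few curve names taken from the lists on this page. The class name CurveProbe and the choice of sample curves are assumptions of this example.

```java
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.security.spec.ECGenParameterSpec;
import java.util.List;

/** Added example: reports which installed providers accept each named curve. */
public class CurveProbe {
    // Three curves SunEC keeps, then a sample of the curves listed for removal
    // (the selection is this example's own choice).
    static final List<String> CURVES = List.of(
        "secp256r1", "secp384r1", "secp521r1",
        "secp256k1", "secp224r1", "sect283k1", "brainpoolP256r1");

    /** True if the provider's EC key pair generator accepts the named curve. */
    static boolean supports(Provider p, String curve) throws NoSuchAlgorithmException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", p);
        try {
            kpg.initialize(new ECGenParameterSpec(curve));
            return true;
        } catch (InvalidAlgorithmParameterException e) {
            return false; // the exception an application sees for an unsupported curve
        }
    }

    public static void main(String[] args) throws Exception {
        Provider[] providers = Security.getProviders("KeyPairGenerator.EC");
        if (providers == null) {
            System.out.println("No provider offers KeyPairGenerator.EC");
            return;
        }
        System.out.println("Runtime: " + Runtime.version());
        for (String curve : CURVES) {
            StringBuilder line = new StringBuilder(String.format("%-16s", curve));
            boolean any = false;
            for (Provider p : providers) {
                if (supports(p, curve)) {
                    line.append(' ').append(p.getName());
                    any = true;
                }
            }
            System.out.println(any ? line : line.append(" (no provider)"));
        }
    }
}
```

      Running it on the old and the new JDK, with and without the 3rd party provider registered, shows which curves an application would lose on upgrade.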

      Below are java.security diffs removing the entries for the disabled curves, but keeping the namedCurves property in case it is useful for other means going forward.

      @@ -493,20 +493,11 @@
        #
        # This property contains a list of disabled EC Named Curves that can be included
        # in the jdk.[tls|certpath|jar].disabledAlgorithms properties.  To include this
        # list in any of the disabledAlgorithms properties, add the property name as
        # an entry.
      - jdk.disabled.namedCurves = secp112r1, secp112r2, secp128r1, secp128r2, \
      -     secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, \
      -     secp224r1, secp256k1, sect113r1, sect113r2, sect131r1, sect131r2, \
      -     sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, \
      -     sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, \
      -     sect571k1, sect571r1, X9.62 c2tnb191v1, X9.62 c2tnb191v2, \
      -     X9.62 c2tnb191v3, X9.62 c2tnb239v1, X9.62 c2tnb239v2, X9.62 c2tnb239v3, \
      -     X9.62 c2tnb359v1, X9.62 c2tnb431r1, X9.62 prime192v2, X9.62 prime192v3, \
      -     X9.62 prime239v1, X9.62 prime239v2, X9.62 prime239v3, brainpoolP256r1, \
      -     brainpoolP320r1, brainpoolP384r1, brainpoolP512r1
      + #jdk.disabled.namedCurves=
      
        #
        # Algorithm restrictions for certification path (CertPath) processing
        #
        # In some environments, certain algorithms or key lengths may be undesirable
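
      Review bot: the comment block kept above the property still reads "This property contains a list of disabled EC Named Curves", but the added line `#jdk.disabled.namedCurves=` leaves the property commented out with no value. Suggest adding a sentence to that comment saying the list is empty by default and that the property is retained for future use, so the text matches what ships.
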
      @@ -640,12 +631,11 @@
        # Example:
        #   jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048
        #
        #
        jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
      -     RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, \
      -     include jdk.disabled.namedCurves
      +     RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224
      
        #
        # Legacy algorithms for certification path (CertPath) processing and
        # signed JAR files.
        #
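
      Review bot: dropping `include jdk.disabled.namedCurves` from jdk.certpath.disabledAlgorithms leaves `EC keySize < 224` as the only EC restriction on this line, so the curves of 224 bits and above from the old list (secp256k1 and the brainpool curves, for example) are no longer rejected by this property when a 3rd party provider supplies them. Please confirm that this is intended and say so in the release note; if it is not, keep the include and leave the curve list populated.
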
      @@ -705,11 +695,11 @@
        # implementations.
        #
        # See "jdk.certpath.disabledAlgorithms" for syntax descriptions.
        #
        jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
      -       DSA keySize < 1024, include jdk.disabled.namedCurves
      +       DSA keySize < 1024
      
        #
        # Algorithm restrictions for Secure Socket Layer/Transport Layer Security
        # (SSL/TLS/DTLS) processing
        #
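
      Review bot: once `include jdk.disabled.namedCurves` is removed from jdk.jar.disabledAlgorithms, setting jdk.disabled.namedCurves by itself has no effect on signed JAR checks; the include has to be added back on this line as well. Suggest documenting that in the jdk.disabled.namedCurves comment, which still tells the reader to "add the property name as an entry" without saying that the default entries are gone.
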
      @@ -740,12 +730,11 @@
        #
        # Example:
        #   jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048, \
        #       rsa_pkcs1_sha1, secp224r1
        jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
      -     EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
      -     include jdk.disabled.namedCurves
      +     EC keySize < 224, 3DES_EDE_CBC, anon, NULL
      
        #
        # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
        # processing in JSSE implementation.
        #
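
      Review bot: the example in the unchanged comment above jdk.tls.disabledAlgorithms still ends with `secp224r1`, which is one of the curves this CSR removes from SunEC. Suggest changing the example to name a curve that SunEC continues to support, or adding a word that curve names listed here may belong to a 3rd party provider.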

      [1] CSR: https://bugs.openjdk.java.net/browse/JDK-8238911

            ascarpino Anthony Scarpino
            mullan Sean Mullan
            Sean Mullan