Loading...

XML

Word

Printable

Type: Enhancement
Resolution: Fixed
Priority: P3
Fix Version/s: 19
Affects Version/s: None
Component/s: security-libs
Labels:

Subcomponent:
java.security
Resolved In Build:
b17

The java.security.spec.PSSParameterSpec(int) constructor uses SHA-1 as the default hash algorithm. Although SHA-1 is the default algorithm as specified by RFC 8017, SHA-1 is weak and not recommended anymore. Using this constructor without understanding the security risks or that SHA-1 is the default is not recommended. Thus, this constructor should be deprecated with an appropriate warning.

csr for

JDK-8283650 Deprecate the PSSParameterSpec(int) constructor and DEFAULT static field

Closed

links to

Commit openjdk/jdk/028fbf47

Review openjdk/jdk/7913

Release Note: PSSParameterSpec(int) Constructor and DEFAULT Static Constant Are Deprecated

Resolved

Valerie Peng

Assignee:: Valerie Peng

Reporter:: Sean Mullan

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2020-10-16 09:50

Updated:: 2022-04-19 17:17

Resolved:: 2022-04-01 11:40

Details

Description

Attachments

Issue Links

Sub-Tasks

Activity

People

Dates