JDK-8267701

Revert the change to the default PKCS12 macAlgorithm and macIterationCount props for 11u/8u/7u


    • Compatibility Kind: behavioral
    • Compatibility Risk: minimal
    • Compatibility Risk Description: Restoring HmacPBESHA1 minimizes compatibility concerns.
    • Interface Kind: Java API, System or security property

      Summary

      The PKCS12 Mac Algorithm changes discussed in CSR JDK-8228481 have raised interoperability concerns for JDK 11u/8u/7u. The HmacPBESHA256 algorithm will be newly introduced in JDK 11.0.12, JDK 8u301 and JDK 7u311.

      Problem

      As such, any application that creates PKCS12 keystores with the default values would produce keystores that require this new HmacPBESHA256 algorithm to be read. This may hinder interoperability with older JDK update releases: a PKCS12 keystore created on a recent JDK 11 update would become unusable on an earlier JDK 11 update release.

      HmacPBESHA256 was newly introduced in JDK 12 but only became the default PKCS12 Mac algorithm in JDK 16.

      Solution

      Delay the switch of the default PKCS12 Mac algorithm to HmacPBESHA256 for JDK 11.0.12, JDK 8u301 and JDK 7u311, and use HmacPBESHA1 instead. HmacPBESHA1 has been available in every supported JDK release family since the GA of that family. Also revert the default PKCS12 Mac iteration count from 10000 back to 100000.

      We can revisit adopting the stronger default values in JDK 11u/8u/7u after a few update releases, when HmacPBESHA256 should be more widely available as end users update their JDK versions.

      End users retain full control over which default PKCS12 values get used via the new keystore.pkcs12.macAlgorithm and keystore.pkcs12.macIterationCount security properties, which have already been integrated into the JDK 11.0.12, JDK 8u301 and JDK 7u311 codelines.
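      The following added example (not code from the CSR or the JDK) shows both halves of the interoperability point above: it sets the two security properties named here before storing a PKCS12 keystore, then walks the DER of the written file down to its MacData to report which digest (SHA-1 for HmacPBESHA1, SHA-256 for HmacPBESHA256) and iteration count the MAC actually uses, which is the check to run on a .p12 before handing it to an older update release. The class name, the sample entry and the password are constructed for the example; the OID encodings are the standard id-sha1 and id-sha256 values from RFC 7292.

```java
import java.io.ByteArrayOutputStream;
import java.security.KeyStore;
import java.security.Security;
import java.util.Arrays;
import javax.crypto.spec.SecretKeySpec;

public class Pkcs12MacCheck {
    // DER TLVs of the digest OIDs found in MacData.mac.digestAlgorithm (RFC 7292):
    // id-sha1 = 1.3.14.3.2.26, id-sha256 = 2.16.840.1.101.3.4.2.1
    static final byte[] OID_SHA1 = {0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A};
    static final byte[] OID_SHA256 = {0x06, 0x09, 0x60, (byte) 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01};

    // Minimal DER walker: {contentStart, contentEnd} of the TLV at pos (definite lengths only).
    static int[] tlv(byte[] d, int pos) {
        int p = pos + 1, len = d[p++] & 0xFF;
        if (len > 0x80) { int n = len & 0x7F; len = 0; for (int i = 0; i < n; i++) len = (len << 8) | (d[p++] & 0xFF); }
        return new int[] {p, p + len};
    }

    // PFX ::= SEQUENCE { version, authSafe, macData OPTIONAL }; MacData ::= SEQUENCE { mac DigestInfo, macSalt, iterations DEFAULT 1 }
    static String macInfo(byte[] pfx) {
        int[] pfxSeq = tlv(pfx, 0);
        int p = tlv(pfx, pfxSeq[0])[1];               // skip version INTEGER
        p = tlv(pfx, p)[1];                           // skip authSafe ContentInfo
        if (p >= pfxSeq[1]) return "no MacData (no integrity protection)";
        int[] macData = tlv(pfx, p);
        int[] digestInfo = tlv(pfx, macData[0]);      // DigestInfo ::= SEQUENCE { digestAlgorithm, digest }
        int[] algId = tlv(pfx, digestInfo[0]);        // AlgorithmIdentifier ::= SEQUENCE { algorithm OID, params }
        byte[] oidTlv = Arrays.copyOfRange(pfx, algId[0], tlv(pfx, algId[0])[1]);
        String digest = Arrays.equals(oidTlv, OID_SHA1) ? "SHA-1 (HmacPBESHA1)"
                      : Arrays.equals(oidTlv, OID_SHA256) ? "SHA-256 (HmacPBESHA256, not readable by older update releases)"
                      : "other digest";
        int q = tlv(pfx, digestInfo[1])[1];           // skip macSalt OCTET STRING
        long iterations = 1;                          // DEFAULT 1 when the INTEGER is absent
        if (q < macData[1]) { int[] it = tlv(pfx, q); iterations = 0;
            for (int i = it[0]; i < it[1]; i++) iterations = (iterations << 8) | (pfx[i] & 0xFF); }
        return digest + ", " + iterations + " MAC iterations";
    }

    public static void main(String[] args) throws Exception {
        // Set the properties before the keystore is stored; java.security is the safer place for
        // production use, since some JDK builds read these values only once at initialisation.
        Security.setProperty("keystore.pkcs12.macAlgorithm", "HmacPBESHA1");
        Security.setProperty("keystore.pkcs12.macIterationCount", "100000");
        char[] pw = "changeit".toCharArray();         // constructed sample password
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, null);
        ks.setEntry("sample", new KeyStore.SecretKeyEntry(new SecretKeySpec(new byte[16], "AES")),
                    new KeyStore.PasswordProtection(pw));  // constructed sample entry
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, pw);
        System.out.println(macInfo(out.toByteArray()));
    }
}
```

Point macInfo at the bytes of any existing .p12 file to tell whether it was written with the JDK 16 defaults (SHA-256, 10000) or the reverted 11u/8u/7u defaults (SHA-1, 100000).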

      Specification

      revert default PKCS12 MAC algorithm: - private static final String DEFAULT_MAC_ALGORITHM = "HmacPBESHA256"; + private static final String DEFAULT_MAC_ALGORITHM = "HmacPBESHA1";

      revert default PKCS12 MAC iteration count: - private static final int DEFAULT_MAC_ITERATION_COUNT = 10000; + private static final int DEFAULT_MAC_ITERATION_COUNT = 100000;
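      Review bot: the two `-`/`+` fragments cover only the constants; the java.security comment section that documents these defaults to end users is mentioned afterwards but its changed lines are not part of the specification, so the documented default would be unverifiable against the code from this CSR alone. Suggest including the comment diff alongside `DEFAULT_MAC_ALGORITHM` and `DEFAULT_MAC_ITERATION_COUNT` so that the documented values (HmacPBESHA1, 100000) are checked in the same review.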

      Update the relevant comment section of the java.security file with the same details.

            coffeys Sean Coffey
            shadowbug Shadow Bug
            Sean Mullan