Loading...

XML

Word

Printable

Type: Enhancement
Resolution: Unresolved
Priority: P3
Fix Version/s: None
Affects Version/s: None
Component/s: security-libs
Labels:
None

Subcomponent:
javax.net.ssl

The current key manager is SunX509, which is configured in the java.security. The SunX509 algorithm does not check of the local certificate, and there are known problems if there are multiple certificates in the local key store (see ~~JDK-8199440~~). The PKIX algorithm should be preferred now so that the default key manager could be more robust.

java.security:
- ssl.KeyManagerFactory.algorithm=SunX509
+ ssl.KeyManagerFactory.algorithm=PKIX

blocks

JDK-8136720 The PKIX KeyManagerFactory algorithm is underspecified

Open

relates to

JDK-8199440 JDK selects wrong certificate during two-way SSL handshake

Closed

JDK-8322767 TLS full handshake is slow with PKCS12KeyStore and X509KeyManagerImpl

Open

Assignee:: Haimay Chao

Reporter:: Xuelei Fan

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2021-08-23 21:40

Updated:: 2024-04-01 07:29

Details

Description

Attachments

Issue Links

Activity

People

Dates