Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8267880 Upgrade the default PKCS12 MAC algorithm
  3. JDK-8288297

Release Note: Upgrade the Default PKCS12 MAC Algorithm

    XMLWordPrintable

Details

    Backports

      Description

        The default MAC algorithm used in a PKCS #12 keystore has been updated. The new algorithm is based on SHA-256 and is stronger than the old one based on SHA-1. See the security properties starting with `keystore.pkcs12` in the `java.security` file for detailed information.

        The new SHA-256 based MAC algorithms were introduced in the 11.0.12, 8u301, and 7u311 JDK versions. Keystores created using this newer, stronger, MAC algorithm cannot be opened in JDK versions earlier than 11.0.12, 8u301, and 7u311. A 'java.security.NoSuchAlgorithmException' exception will be thrown in such circumstances.

        For compatibility, use the `keystore.pkcs12.legacy` system property, which will revert the algorithms to use the older, weaker algorithms. There is no value defined for this property.

        Attachments

          Issue Links

            Activity

              People

                pkoppula Prasadarao Koppula
                pkoppula Prasadarao Koppula
                Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: