- CSR
- Resolution: Approved
- P4
- None
- behavioral
- minimal
- System or security property
- JDK
Summary
The java.security file uses incorrect regex syntax to describe the UsageConstraint of the jdk.certpath.disabledAlgorithms property. The current text indicates that usage types are optional, when in fact at least one usage type must be specified.
Problem
Current syntax indicates that usage types are optional:
UsageConstraint:
usage [TLSServer] [TLSClient] [SignedJAR]
This is incorrect, as at least one usage type must be specified.
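As an added example (not part of the CSR or of the JDK), the following checker applies the corrected rule to the value of a disabled-algorithms property and reports any `usage` constraint that names no usage type or an unlisted one. The function name and the sample value are constructed for illustration; it assumes entries are separated by commas and constraints by `&`, and it compares usage types exactly as the grammar spells them.

```python
# UsageType alternatives from the corrected grammar.
USAGE_TYPES = {"TLSServer", "TLSClient", "SignedJAR"}

# Constructed sample value (line continuations already joined); the last two
# entries are deliberately malformed.
SAMPLE = ("MD2, SHA1 jdkCA & usage TLSServer, "
          "SHA1 usage SignedJAR & denyAfter 2019-01-01, RSA keySize < 1024, "
          "MD5 usage, DSA usage TLSServer CodeSigning")


def check_usage_constraints(value):
    """Return (entry, problem) pairs for malformed 'usage' constraints.

    Assumption of this example: entries are comma separated and the
    constraints inside one entry are joined by '&'.
    """
    problems = []
    for entry in (e.strip() for e in value.split(",")):
        if not entry:
            continue
        for i, part in enumerate(p.strip() for p in entry.split("&")):
            tokens = part.split()
            if i == 0:
                tokens = tokens[1:]  # first part starts with the algorithm name
            if not tokens or tokens[0] != "usage":
                continue  # some other constraint kind, or a bare algorithm
            types = tokens[1:]
            if not types:
                # "usage" alone: the old [..] notation suggested this was legal.
                problems.append((entry, "usage with no UsageType"))
            for t in types:
                # Exact-case comparison is this example's choice, not a
                # statement about how the JDK matches usage types.
                if t not in USAGE_TYPES:
                    problems.append((entry, f"unknown UsageType {t!r}"))
    return problems


if __name__ == "__main__":
    for entry, problem in check_usage_constraints(SAMPLE):
        print(f"{entry!r}: {problem}")
```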
Solution
Replace the current text with the proper regex syntax.
Specification
--- a/src/java.base/share/conf/security/java.security
+++ b/src/java.base/share/conf/security/java.security
@@ -535,7 +535,10 @@ sun.security.krb5.maxReferrals=5
# denyAfter YYYY-MM-DD
#
# UsageConstraint:
-# usage [TLSServer] [TLSClient] [SignedJAR]
+# usage UsageType { UsageType }
+#
+# UsageType:
+# TLSServer | TLSClient | SignedJAR
#
# IncludeProperty:
# include <security property>
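Review bot: The new `usage UsageType { UsageType }` line relies on the reader knowing that `{ }` means zero or more repetitions, and nothing in the visible comment text says so or says how the types are separated. Consider one extra comment line under `UsageType:` stating that one or more usage types are listed, separated by spaces, so the "at least one" requirement is stated in words as well as in notation.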
@@ -598,9 +601,9 @@ sun.security.krb5.maxReferrals=5
# use the following: "RSA keySize == 2048 & denyAfter 2020-02-03"
#
# UsageConstraint:
-# usage [TLSServer] [TLSClient] [SignedJAR]
+# usage UsageType { UsageType }
# This constraint prohibits the specified algorithm for
-# a specified usage. This should be used when disabling an algorithm
+# a specified UsageType. This should be used when disabling an algorithm
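Review bot: In the reworded description, "a specified UsageType" is singular although `usage UsageType { UsageType }` allows several; wording such as "for each specified UsageType" would match the production. This second section also repeats the production without the `UsageType:` alternatives introduced in the first hunk, so either repeat `TLSServer | TLSClient | SignedJAR` here or point back to that definition.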
- csr of JDK-8352277 java.security documentation: incorrect regex syntax describing "usage" algorithm constraint (In Progress)