Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8360289

Support algorithm constraints and certificate checks in SunX509 key manager

XMLWordPrintable

    • Icon: CSR CSR
    • Resolution: Unresolved
    • Icon: P4 P4
    • 26
    • security-libs
    • None
    • behavioral
    • low
    • Hide
      Customers using local certificates signed with algorithms prohibited by the default configuration (notably MD5 and SHA1) no longer will be able to use such certificates without modifying algorithm constraints in `java.security` config file or setting `jdk.tls.SunX509keymanager.certSelectionChecking` system property to `false`.
      Show
      Customers using local certificates signed with algorithms prohibited by the default configuration (notably MD5 and SHA1) no longer will be able to use such certificates without modifying algorithm constraints in `java.security` config file or setting `jdk.tls.SunX509keymanager.certSelectionChecking` system property to `false`.
    • System or security property
    • JDK

      Summary

      Support algorithm constraints and certificate checks in SunX509 key manager

      Problem

      The default SunX509 key manager should support the same certificate checks that are supported by PKIX key manager.

      Solution

      Implement support for algorithm constraints and certificate checks in SunX509 key manager.

      Specification

      New system property to be added which should restore the original SunX509 key manager's behavior when set to false if users want to disable the certificate checks for some reason. The default value for the property is true:

        jdk.tls.SunX509keymanager.certSelectionChecking

            abarashev Artur Barashev
            abarashev Artur Barashev
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated: