Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8254935

Deprecate the PSSParameterSpec(int) constructor

    XMLWordPrintable

    Details

      Description

      The java.security.spec.PSSParameterSpec(int) constructor uses SHA-1 as the default hash algorithm. Although SHA-1 is the default algorithm as specified by RFC 8017, SHA-1 is weak and not recommended anymore. Using this constructor without understanding the security risks or that SHA-1 is the default is not recommended. Thus, this constructor should be deprecated with an appropriate warning.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              valeriep Valerie Peng
              Reporter:
              mullan Sean Mullan
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: