Details
-
Type:
Backport
-
Status: Resolved
-
Priority:
P4
-
Resolution: Delivered
-
Affects Version/s: 7u311, 8u301, 11.0.12-oracle, 16
-
Fix Version/s: 11.0.12-oracle
-
Component/s: security-libs
-
Labels:
-
Subcomponent:
Description
The default encryption algorithms used in a PKCS #12 keystore have been updated. The new algorithms are based on AES-256 and SHA-256 and are stronger than the old algorithms that were based on RC2, DESede, and SHA-1. See the security properties starting with `keystore.pkcs12` in the `java.security` file for detailed information.
For compatibility, a new system property named `keystore.pkcs12.legacy` is defined that will revert the algorithms to use the older, weaker algorithms. There is no value defined for this property.
For compatibility, a new system property named `keystore.pkcs12.legacy` is defined that will revert the algorithms to use the older, weaker algorithms. There is no value defined for this property.
Attachments
Issue Links
- backport of
-
JDK-8242069 Release Note: Upgraded the Default PKCS12 Encryption and MAC Algorithms
-
- Closed
-