[JDK-8267264] Release Note: Upgraded the Default PKCS12 Encryption and MAC Algorithms - Java Bug System

XML

Word

Printable

Details

Type: Backport
Status: Resolved
Priority: P4
Resolution: Delivered
Affects Version/s: 7u311, 8u301, 11.0.12-oracle, 16
Fix Version/s: 11.0.12-oracle
Component/s: security-libs
Labels:
- RN-Change
- release-note

Subcomponent:
java.security

Description

The default encryption algorithms used in a PKCS #12 keystore have been updated. The new algorithms are based on AES-256 and SHA-256 and are stronger than the old algorithms that were based on RC2, DESede, and SHA-1. See the security properties starting with `keystore.pkcs12` in the `java.security` file for detailed information.

For compatibility, a new system property named `keystore.pkcs12.legacy` is defined that will revert the algorithms to use the older, weaker algorithms. There is no value defined for this property.

Attachments

Issue Links

backport of

JDK-8242069 Release Note: Upgraded the Default PKCS12 Encryption and MAC Algorithms

Closed

Activity

People

Assignee:: Clifford Wayne

Reporter:: Weijun Wang

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2021-05-17 10:38

Updated:: 2021-07-13 14:00

Resolved:: 2021-07-13 14:00