  1. JDK
  2. JDK-8140422

Add mechanism to allow non default root CAs to be not subject to algorithm restrictions

    Details

    • Subcomponent:
    • Resolved In Build:
      b117
    • Verification:
      Verified


        Description

        We should provide a mechanism or option to distinguish certificates that chain to the default root CAs that are included in the cacerts file in the JRE from those that are added subsequently or otherwise not in the default set (e.g., private CAs used within an enterprise) when enforcing the algorithm restrictions in the jdk.certpath.disabledAlgorithms security property.

        This allows certificates that are issued by private CAs to be treated differently with respect to algorithm restrictions. These CAs may not yet be compliant with standard recommendations on weak algorithms and/or may need more time to conform to the restrictions.


                People

                • Assignee:
                  ascarpino Anthony Scarpino
                  Reporter:
                  mullan Sean Mullan