JDK-8151116

Add extended key usage constraint to the jdk.certpath.disabledAlgorithms security property

        Description

        An ExtendedKeyUsageConstraint parameter should be added to allow the restrictions to apply to certificates based on their key usage. Here is a suggested syntax:

        # ExtendedKeyUsageConstraint
        # eku Usage(,Usage)*
        #
        # Usage
        # any | serverAuth | clientAuth | codeSigning | emailProtection | timeStamping | OCSPSigning

        This type of constraint is useful for phasing out algorithms and providing different restrictions on different types of certificates.

        jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, SHA-1 notAfter 20170101 eku serverAuth, clientAuth, codeSigning
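
        One way the suggested eku constraint could be parsed and matched against the OID list that X509Certificate.getExtendedKeyUsage() returns, as an added example that is not JDK code. The class and method names are hypothetical, and treating a certificate with no EKU extension (or with anyExtendedKeyUsage) as matching is an assumption, since the issue does not define that case.

```java
import java.util.*;

// Added illustration only; not JDK code. Lines marked "assumed" are not defined by the issue.
public class EkuConstraintDemo {
    // Standard EKU OIDs (RFC 5280, RFC 6960) for the Usage names in the suggested syntax.
    static final Map<String, String> OIDS = Map.of(
        "any", "2.5.29.37.0",
        "serverAuth", "1.3.6.1.5.5.7.3.1",
        "clientAuth", "1.3.6.1.5.5.7.3.2",
        "codeSigning", "1.3.6.1.5.5.7.3.3",
        "emailProtection", "1.3.6.1.5.5.7.3.4",
        "timeStamping", "1.3.6.1.5.5.7.3.8",
        "OCSPSigning", "1.3.6.1.5.5.7.3.9");

    // Parses "eku Usage(,Usage)*" into the set of OIDs it names; unknown names are rejected.
    static Set<String> parse(String constraint) {
        String s = constraint.trim();
        if (!s.startsWith("eku ")) throw new IllegalArgumentException("not an eku constraint: " + s);
        Set<String> oids = new LinkedHashSet<>();
        for (String name : s.substring(4).split(",")) {
            String oid = OIDS.get(name.trim());
            if (oid == null) throw new IllegalArgumentException("unknown usage: " + name.trim());
            oids.add(oid);
        }
        return oids;
    }

    // certEku mirrors X509Certificate.getExtendedKeyUsage(): a list of OID strings, or null if absent.
    static boolean applies(Set<String> constraint, List<String> certEku) {
        String any = OIDS.get("any");
        if (constraint.contains(any)) return true;                  // assumed: "any" covers every certificate
        if (certEku == null || certEku.contains(any)) return true;  // assumed: unrestricted cert serves all purposes
        return certEku.stream().anyMatch(constraint::contains);
    }

    public static void main(String[] args) {
        Set<String> c = parse("eku serverAuth, clientAuth, codeSigning");
        System.out.println(applies(c, List.of("1.3.6.1.5.5.7.3.1"))); // TLS server certificate
        System.out.println(applies(c, List.of("1.3.6.1.5.5.7.3.8"))); // timestamping-only certificate
        System.out.println(applies(c, null));                          // certificate without an EKU extension
    }
}
```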

                People

                Assignee:
                ascarpino Anthony Scarpino
                Reporter:
                ascarpino Anthony Scarpino