Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8140422 Add mechanism to allow non default root CAs to be not subject to algorithm restrictions
  3. JDK-8171464

Release Note: Add mechanism to allow non default root CAs to not be subject to algorithm restrictions

    Details

    • Verification:
      Verified

      Backports

        Description

        '**New certpath constraint: jdkCA**
        In the `java.security` file, an additional constraint named "jdkCA" is added to the `jdk.certpath.disabledAlgorithms` property. This constraint prohibits the specified algorithm only if the algorithm is used in a certificate chain that terminates at a marked trust anchor in the lib/security/cacerts keystore. If the jdkCA constraint is not set, then all chains using the specified algorithm are restricted. jdkCA may only be used once in a DisabledAlgorithm expression.

        Example:  To apply this constraint to SHA-1 certificates, include
        the following:  ```SHA1 jdkCA```

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  ascarpino Anthony Scarpino
                  Reporter:
                  ascarpino Anthony Scarpino
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  2 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: