Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8140422 Add mechanism to allow non default root CAs to be not subject to algorithm restrictions
  3. JDK-8171464

Release Note: Add mechanism to allow non default root CAs to not be subject to algorithm restrictions

    XMLWordPrintable

    Details

    • Verification:
      Verified

      Backports

        Description

        '**New certpath constraint: jdkCA**
        In the `java.security` file, an additional constraint named "jdkCA" is added to the `jdk.certpath.disabledAlgorithms` property. This constraint prohibits the specified algorithm only if the algorithm is used in a certificate chain that terminates at a marked trust anchor in the lib/security/cacerts keystore. If the jdkCA constraint is not set, then all chains using the specified algorithm are restricted. jdkCA may only be used once in a DisabledAlgorithm expression.

        Example:  To apply this constraint to SHA-1 certificates, include
        the following:  ```SHA1 jdkCA```

          Attachments

            Issue Links

              Activity

                People

                Assignee:
                ascarpino Anthony Scarpino
                Reporter:
                ascarpino Anthony Scarpino
                Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                  Dates

                  Created:
                  Updated:
                  Resolved: