Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8172404

Tools should warn if weak algorithms are used before restricting them

    Details

      Backports

        Description

        It would be useful to also start warning users that SHA-1 and 1024-bit RSA/DSA certificates are a security risk *before* we actually start disabling them.

        We add a new jdk.security.legacyAlgorithms security property to the java.security property file. keytool and jarsigner tools will be enhanced to enforce the new property and to print out informational warnings when the legacy algorithms are used. This enables users to plan transitioning away from them. This would also allow a user to edit these properties independently so that you could still get warnings from tools even if the runtime allowed the algorithm.

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  hchao Haimay Chao
                  Reporter:
                  weijun Weijun Wang
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  5 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: