JDK-8233228

Disable weak named curves by default in TLS, CertPath, and Signed JAR

        Description

        Crypto operations that use specific named curves need to be disabled through the disabledAlgorithms properties. This requires deeper checks into the EC classes than previously supported. With over 50 named curves available, adding individual named curves to each of the disabledAlgorithms properties would be messy, so a cleaner solution is needed.

        Adding support for named curves is straightforward to implement; however, with so many named curves, the lists would overwhelm the disabledAlgorithms properties. To relieve this, a new security property, jdk.disabled.namedCurves, is implemented that can list the named curves common to all the disabledAlgorithms properties. To use the new property in a disabledAlgorithms property, the full property name is used as an entry. Users can still add individual named curves to the disabledAlgorithms properties separately from this new property.
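
An added example, not code from the JDK or from this issue: a small Java audit that reads the running JDK's security properties and reports, for each disabledAlgorithms property, whether it references jdk.disabled.namedCurves and whether a given curve is disabled by name. Assumptions: the three property names below stand for the TLS, CertPath and Signed JAR cases in the title, the reference is accepted both as the bare property name and in the `include jdk.disabled.namedCurves` form found in JDK java.security files, and the class name and default curve names are chosen for this example.

```java
import java.security.Security;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;

public class NamedCurveAudit {
    static final String SHARED = "jdk.disabled.namedCurves";
    // Assumed property names for the TLS, CertPath and Signed JAR checks.
    static final List<String> CONSUMERS = Arrays.asList(
            "jdk.tls.disabledAlgorithms",
            "jdk.certpath.disabledAlgorithms",
            "jdk.jar.disabledAlgorithms");

    // Split a comma-separated security property value into trimmed entries.
    static List<String> entries(String value) {
        List<String> out = new ArrayList<>();
        if (value == null) return out;            // property not set
        for (String s : value.split(",")) {
            if (!s.trim().isEmpty()) out.add(s.trim());
        }
        return out;
    }

    // True if an entry pulls in the shared curve list (bare name or "include <name>").
    static boolean referencesShared(String entry) {
        return entry.equals(SHARED)
                || entry.matches("(?i)include\\s+" + Pattern.quote(SHARED));
    }

    public static void main(String[] args) {
        List<String> shared = entries(Security.getProperty(SHARED));
        System.out.println(SHARED + ": " + (shared.isEmpty() ? "(not set or empty)" : shared));
        // Curve names to check; the defaults are sample values for this example.
        List<String> curves = args.length > 0
                ? Arrays.asList(args) : Arrays.asList("sect163k1", "secp256r1");
        for (String prop : CONSUMERS) {
            List<String> own = entries(Security.getProperty(prop));
            boolean refs = own.stream().anyMatch(NamedCurveAudit::referencesShared);
            System.out.println(prop + " references " + SHARED + ": " + refs);
            for (String curve : curves) {
                boolean direct = own.stream().anyMatch(curve::equalsIgnoreCase);
                boolean viaShared = refs && shared.stream().anyMatch(curve::equalsIgnoreCase);
                System.out.printf("  %-12s %s%n", curve, direct ? "disabled (listed directly)"
                        : viaShared ? "disabled (via shared list)" : "not listed by name");
            }
        }
    }
}
```

A curve reported as "not listed by name" can still be rejected by other entries in the same property, such as a key size constraint.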

                People

                • Assignee:
                  ascarpino Anthony Scarpino
                  Reporter:
                  ascarpino Anthony Scarpino