Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8153005 Upgrade the default PKCS12 encryption/MAC algorithms
  3. JDK-8242069

Release Note: Upgraded the Default PKCS12 Encryption and MAC Algorithms

    XMLWordPrintable

    Details

    • Type: Sub-task
    • Status: Closed
    • Priority: P4
    • Resolution: Delivered
    • Affects Version/s: 7u311, 8u301, 11.0.12-oracle, 16
    • Fix Version/s: 16
    • Component/s: security-libs

      Backports

        Description

        The default encryption and MAC algorithms used in a PKCS #12 keystore have been updated. The new algorithms are based on AES-256 and SHA-256 and are stronger than the old algorithms that were based on RC2, DESede, and SHA-1. See the security properties starting with `keystore.pkcs12` in the `java.security` file for detailed information.

        For compatibility, a new system property named `keystore.pkcs12.legacy` is defined that will revert the algorithms to use the older, weaker algorithms. There is no value defined for this property.

          Attachments

            Issue Links

              Activity

                People

                Assignee:
                weijun Weijun Wang
                Reporter:
                weijun Weijun Wang
                Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                  Dates

                  Created:
                  Updated:
                  Resolved: