Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8243493

Tools shouldn't warn for weak algorithms in cacerts

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P3
    • Resolution: Won't Fix
    • Affects Version/s: 15
    • Fix Version/s: None
    • Component/s: security-libs
    • Labels:
      None

      Description

      We get following warning while listing cacerts file entries. This will cause more questions to be raised for us to answer. For instance, "if cacerts have weaker keys then when will they be updated".

      <thawtepremiumserverca [jdk]> uses a 1024-bit RSA key which is considered a security risk. This key size will be disabled in a future update

      As far as I understand, disabling 1024 keys will not affect CA certificates. Should we have skipped cacerts keystore?
      Not sure if we will disable other truststores from having weaker algorithms. if we won't disable then these warnings should be skipped for all truststores.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              hchao Haimay Chao
              Reporter:
              rhalade Rajan Halade
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: