Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8267168

Release Note: Upgraded the Default PKCS12 Encryption and MAC Algorithms

    XMLWordPrintable

    Details

    • Type: Backport
    • Status: Resolved
    • Priority: P4
    • Resolution: Delivered
    • Affects Version/s: 7u311, 8u301, 11.0.2.0.1-oracle, 16
    • Fix Version/s: 7u311
    • Component/s: security-libs

      Description

      The default encryption algorithms used in a PKCS #12 keystore have been updated. The new algorithms are based on AES-256 and SHA-256 and are stronger than the old algorithms that were based on RC2, DESede, and SHA-1. See the security properties starting with `keystore.pkcs12` in the `java.security` file for detailed information.

      For compatibility, a new system property named `keystore.pkcs12.legacy` is defined that will revert the algorithms to use the older, weaker algorithms. There is no value defined for this property.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              cwayne Clifford Wayne
              Reporter:
              weijun Weijun Wang
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: