Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8272875

Change the default key manager to PKIX

    XMLWordPrintable

    Details

    • Type: Enhancement
    • Status: Open
    • Priority: P3
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: 20
    • Component/s: security-libs
    • Labels:
      None

      Description

      The current key manager is SunX509, which is configured in the java.security. The SunX509 algorithm does not check of the local certificate, and there are known problems if there are multiple certificates in the local key store (see JDK-8199440). The PKIX algorithm should be preferred now so that the default key manager could be more robust.

      java.security:
      - ssl.KeyManagerFactory.algorithm=SunX509
      + ssl.KeyManagerFactory.algorithm=PKIX

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              hchao Haimay Chao
              Reporter:
              xuelei Xuelei Fan
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated: