JDK-4699284 : Current JSSE does not support CA certificates with RSA keys of 4096 bits
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: 1.4.1
  • Priority: P5
  • Status: Closed
  • Resolution: Duplicate
  • OS: generic
  • CPU: generic
  • Submitted: 2002-06-08
  • Updated: 2002-06-14
  • Resolved: 2002-06-14
One customer reports on java-security.

Implementing DICOM (http://medical.nema.org/) over TLS using JSSE, we had to 
realize that the current version does not accept CA Certificates with public 
RSA Keys of 4096 bit length.

But CA Certificates with 4096 bit keys are already quite common - and will 
become the norm.

So we need to know if and when JSSE will support the validation of 
Certificates with 4096 bit keys - encryption with 4096 bit keys may stay 
disabled, if that would violate US export requirements -, to decide if we can 
wait for it or if we have to look after alternative solutions.

This is really a limitation of the JSAFE used by the JSSE.  
We thought that later versions of Crypto-J (say 3.2.2) might
support the 4096 keylength, but on Aug 1 Chok reported
that RSA didn't know when they would be included.  This
is mainly a tracking bug in case we decide to remove
JSAFE, we should see if it supports 4096.

###@###.### 2002-06-07

EVALUATION

Closing this as duplicate of 4524097. Thanks Andreas, for pointing this out.

###@###.### 2002-06-14