One customer reports on java-security.
Implementing DICOM (http://medical.nema.org/) over TLS using JSSE, we had to
realize that the current version does not accept CA Certificates with public
RSA Keys of 4096 bit length.
But CA Certificates with 4096 bit keys are already quite common - and will
become the norm.
So we need to know if and when JSSE will support the validation of
Certificates with 4096 bit keys - encryption with 4096 bit keys may stay
disabled, if that would violate US export requirements - to decide if we can
wait for it or if we have to look for alternative solutions.
This is really a limitation of the JSAFE used by the JSSE.
We thought that later versions of Crypto-J (say 3.2.2) might
support the 4096 keylength, but on Aug 1 Chok reported
that RSA didn't know when they would be included. This
is mainly a tracking bug. In case we decide to remove
JSAFE, we should see if it supports 4096.