JDK-5001004 : Required Security Algorithms need to be defined
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 5.0
  • Priority: P2
  • Status: Closed
  • Resolution: Fixed
  • OS: solaris_9
  • CPU: sparc
  • Submitted: 2004-02-24
  • Updated: 2017-05-16
  • Resolved: 2011-03-05
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 7
7 b130Fixed
Related Reports
Relates :  
Relates :  
Description
The API specifications for java.security, java.security.cert, and javax.crypto packages do not specify requirements for security algorithms and algorithm-specific requirements (e.g. encryption strength).
 
This issue makes it difficult to develop conformance tests. In an extreme case, an implementation can use very weak algorithms and still be considered a valid implementation according to the current javadoc API specification.
 
Furthermore, there is currently no guarantee that applications can interoperate. We need to specify a minimum level of required algorithms and parameters that all JRE implementations must support. This will improve interoperability and guarantee a minimum set of algorithms that all Java applications can depend on.

Comments
EVALUATION Implementation requirements have been added to the class summary of each of the applicable Java security engine classes. A table that summarizes the implementation requirements will be updated/added to the Standard Algorithm Names Document in the JDK 7 security guides area.
2011-01-25

EVALUATION ###@###.### 2004-03-16 Should look into this.
2004-03-16