JDK-8157035 : Use stronger algorithms and keys for JSSE testing
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Priority: P3
  • Status: Closed
  • Resolution: Fixed
  • Submitted: 2016-05-16
  • Updated: 2018-11-05
  • Resolved: 2016-05-18
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 8 JDK 9
8u152Fixed 9 b120Fixed
Related Reports
Relates :  
Description
test/javax/net/ssl/etc/keystore is used a lot for X.509 cert based SSL/TLS authentication.   MD5 and SHA1 are used as the signature algorithms. The key size of EC certs is 192 bits.

MD5 has been disabled, and 192-bits EC keys will be disabled in the near future(see JDK-8148516). It's time to use stronger algorithms (SHA256) and keys (2048-bits for RSA/DSA and 256-bits for EC)