JDK-8171319 : keytool should print out warnings when reading or generating cert/cert req using weak algorithms
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 6,7,8,9
  • Priority: P2
  • Status: Closed
  • Resolution: Fixed
  • Submitted: 2016-12-15
  • Updated: 2021-06-10
  • Resolved: 2017-03-07
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 10 JDK 7 JDK 8 JDK 9 Other
10Fixed 7u171Fixed 8u151Fixed 9 b160Fixed openjdk7uFixed
Related Reports
Relates :  
JDK-8191840 - Update localizations with positional arguments following JDK-8191137
Relates :  
JDK-8191845 - [TEST_BUG] Too many new-lines in backport of WeakAlg test
Relates :  
JDK-8163304 - jarsigner -verbose -verify should print the algorithms used to sign the jar
Relates :  
JDK-8181737 - Support secret keys and trusted certs in PKCS12 keystore
Relates :  
JDK-8268444 - keytool -v -list print is incorrect after backport JDK-8141457
Relates :  
JDK-8177569 - keytool should not warn if signature algorithm used in cacerts is weak
Relates :  
JDK-8191137 - keytool fails to format resource strings for keys for some languages after JDK-8171319
Sub Tasks
JDK-8176087 :  
Release Note: keytool now prints warnings when reading or generating certificates/certificate requests/CRLs using weak algorithms - Closed
Description
This applies to -gencert, -genkeypair, -certreq, -selfcert, -printcert, -printcrl, and -printcertreq. Also -exportcert and -importcert.

Do we have a list of weak symmetric algorithms? We have -genseckey and -importpass