JDK-8263664 : Remove root certificates with 1024-bit keys
  • Type: Backport
  • Backport of: JDK-8243559
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 8
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2021-03-16
  • Updated: 2021-05-04
  • Resolved: 2021-03-22
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 16 Other
16Fixed openjdk8u302Fixed
URL: https://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/094057298322 User: andrew Date: 2021-05-04 20:08:37 +0000

URL: https://hg.openjdk.java.net/jdk8u/jdk8u-dev/jdk/rev/094057298322 User: sgehwolf Date: 2021-03-22 10:50:16 +0000

Thread on the jdk8u-dev list asking about objections, concerns about this early removal. I haven't heard back in a couple of days, so pushed it to 8u302. https://mail.openjdk.java.net/pipermail/jdk8u-dev/2021-March/013568.html

We've added warnings for weak keys only in 8u292 via JDK-8172404. Currently targeting 8u302 even though this would give users only one release to adjust. OpenJDK 11 added the warning with 11.0.9 and removed them with 11.0.12. We can reconsider at a later point if we should include it with 8u302 or wait for 8u312 or 8u322.