JDK-5001004 : Required Security Algorithms need to be defined
- Type: Bug
- Component: security-libs
- Sub-Component: java.security
- Affected Version: 5.0
- Priority: P2
- Status: Closed
- Resolution: Fixed
- OS: solaris_9
- CPU: sparc
- Submitted: 2004-02-24
- Updated: 2024-12-12
- Resolved: 2011-03-05
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
| JDK 7 |
|---|
7 b130Fixed  |
Related Reports
|
Relates :
|
|
|
Relates :
|
|
|
Relates :
|
Description
The API specifications for java.security, java.security.cert, and javax.crypto packages do not specify requirements for security algorithms and algorithm-specific requirements (e.g. encryption strength). This issue makes it difficult to develop conformance tests. In an extreme case, an implementation can use very weak algorithms and still be considered a valid implementation according to the current javadoc API specification. Furthermore, there is currently no guarantee that applications can interoperate. We need to specify a minimum level of required algorithms and parameters that all JRE implementations must support. This will improve interoperability and guarantee a minimum set of algorithms that all Java applications can depend on.
Comments
|