JDK-8156985 : Security Administration Guide
  • Type: Enhancement
  • Component: docs
  • Sub-Component: guides
  • Priority: P4
  • Status: Open
  • Resolution: Unresolved
  • Submitted: 2016-05-14
  • Updated: 2019-10-09
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
Other
tbdUnresolved
Related Reports
Relates :  
JDK-8173224 - Document jdk.tls.legacyAlgorithms security property
Description
Algorithms evolve and previously strong ones become weak and obsolete. Sometimes we disable them, sometimes we don't recommend them. We see this in TLS ciphersuites, CertPath algorithms, default and supported algorithms of keytool and jarsigner, and allow_weak_crypto of Kerberos encryption types. We need a centralized place to describe all of them and the principal we are following as a security guide.
Comments
Raised priority to P2 and targeted to JDK 10. This is something we are really missing in our docs. The information about how to use and configure Java security via security properties, system properties is scattered in various places (release notes, crypto roadmap, various guides, etc) and really needs to be centralized in an overall Administration guide.
07-04-2017
What I think we really need is an overall "Administering Java Security" guide. The number of security and system properties and other configuration files has grown over the years and there should be a central place to document this information.
28-06-2016