JDK-8157035 : Use stronger algorithms and keys for JSSE testing
- Type: Bug
- Component: security-libs
- Sub-Component: javax.net.ssl
- Priority: P3
- Status: Closed
- Resolution: Fixed
- Submitted: 2016-05-16
- Updated: 2018-11-05
- Resolved: 2016-05-18
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
| JDK 8 | JDK 9 |
|---|---|
8u152Fixed  |
9 b120Fixed |
Related Reports
|
Relates :
|
Description
test/javax/net/ssl/etc/keystore is used a lot for X.509 cert based SSL/TLS authentication. MD5 and SHA1 are used as the signature algorithms. The key size of EC certs is 192 bits. MD5 has been disabled, and 192-bits EC keys will be disabled in the near future(see JDK-8148516). It's time to use stronger algorithms (SHA256) and keys (2048-bits for RSA/DSA and 256-bits for EC)