JDK-8242069 : Release Note: Upgraded the Default PKCS12 Encryption and MAC Algorithms
- Type: Sub-task
- Component: security-libs
- Sub-Component: java.security
- Affected Version: 7u311,8u301,11.0.12-oracle,16
- Priority: P4
- Status: Closed
- Resolution: Delivered
- Submitted: 2020-04-03
- Updated: 2021-12-02
- Resolved: 2021-12-02
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
| JDK 11 | JDK 16 | JDK 7 | JDK 8 |
|---|---|---|---|
| 11.0.12-oracleResolved | 16Resolved  |
7u311Resolved | 8u301Resolved |
Related Reports
|
Relates :
|
Description
The default encryption and MAC algorithms used in a PKCS #12 keystore have been updated. The new algorithms are based on AES-256 and SHA-256 and are stronger than the old algorithms that were based on RC2, DESede, and SHA-1. See the security properties starting with `keystore.pkcs12` in the `java.security` file for detailed information. For compatibility, a new system property named `keystore.pkcs12.legacy` is defined that will revert the algorithms to use the older, weaker algorithms. There is no value defined for this property.