Bug ID: JDK-8266971 JDK-8196415 cause significant startup regressions on apps that include any SHA-1 signed JAR

Type: Bug
Component: security-libs
Sub-Component: java.security
Affected Version: 17

Priority: P3
Status: Resolved
Resolution: Not an Issue

Submitted: 2021-05-12
Updated: 2021-06-25
Resolved: 2021-06-25

In applications that include any SHA-1 signed JAR, the changes in JDK-8196415 provoke a 50-100ms regression, mostly caused by added work in static initializers in the sun.security.util package.

This was detected simultaneously in 8u301-b04, 16.0.2-b04 and 17-b21. JDK-8196415 is not a CPU fix, but has still been rushed to be backported before performance testing in the 17 mainline caught it.

No longer an issue now that JDK-8196415 has been backed out of JDK 17 and JDK 18. Any potential new performance issue will be reassessed as part of the reworking of disabling SHA-1 JARs for JDK 18, see JDK-8269039.

25-06-2021

I have implemented a patch for this which should reduce most of the performance impact (I will need someone from the performance team to confirm). However, it needs more bake time so I will be retargeting this issue to JDK 18 and backing out the disabling of SHA-1 JARs from JDK 17 (https://bugs.openjdk.java.net/browse/JDK-8267100).

18-06-2021

Relates :	JDK-8269039 - Disable SHA-1 Signed JARs (Take 2)
Relates :	JDK-8267100 - [BACKOUT] JDK-8196415 Disable SHA-1 Signed JARs
Relates :	JDK-8196415 - Disable SHA-1 Signed JARs