JDK-8267268 : [BACKOUT] JDK-8196415 Disable SHA-1 Signed JARs
  • Type: CSR
  • Component: security-libs
  • Sub-Component: java.security
  • Priority: P2
  • Status: Closed
  • Resolution: Approved
  • Fix Versions: 7u311,8u301,11.0.12-oracle,16.0.2
  • Submitted: 2021-05-17
  • Updated: 2021-05-17
  • Resolved: 2021-05-17
Related Reports
CSR :  
JDK-8267100 - [BACKOUT] JDK-8196415 Disable SHA-1 Signed JARs
Relates :  
JDK-8264362 - Disable SHA-1 Signed JARs
Description
Summary
-------
Revert the JDK changes introduced via CSR JDK-8264362 for update releases.

Problem
-------

Performance issues have been reported with the patch created for JDK-8196415 (and approved via CSR JDK-8264362). Decision to revert the fix for the JDK Update releases while leaving the fix in JDK 17 where a solution can be worked. 
Once a stable solution is in place, a new enhancement will be filed for "Disable SHA-1 Signed JARs" and ported to the JDK Update releases.

Solution
--------

Perform an anti-delta of the patch from JDK-8196415

As a result, no changes will exist in this area for the JDK 16u, JDK 11u, JDK 8u and JDK 7u releases.

Specification
-------------
Remove (revert) the "SHA1 jdkCA & usage SignedJAR & denyAfter 2019-01-01" change from the `jdk.certpath.disabledAlgorithms` Security property

Remove (revert) the "SHA1 jdkCA & denyAfter 2019-01-01" change from the `jdk.jar.disabledAlgorithms` Security property.
Comments
Moving to Approved.
17-05-2021