JDK-8267319 : Use Larger Default Key Sizes and Algorithms Based on CNSA
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: javax.crypto
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2021-05-18
  • Updated: 2022-11-19
  • Resolved: 2022-03-24
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 19
19 b16Fixed
Related Reports
CSR :  
JDK-8282995 - Use larger default key sizes and algorithms based on CNSA
Relates :  
JDK-8283665 - Two Jarsigner tests needs to be updated with JDK-8267319
Relates :  
JDK-8267330 - Reassess Suite B TLS cipher suite preference
Relates :  
JDK-8283727 - P11KeyGenerator has import statement with two semicolons after JDK-8267319
Relates :  
JDK-8283476 - Update the provider default keysizes in the "JDK Providers Documentation"
Sub Tasks
JDK-8283475 :  
Release Note: Use Larger Default key Sizes if not Explicitly Specified - Resolved
Description
We should re-evaluate our support for NSA Suite B Cryptographic Algorithms: https://openjdk.java.net/jeps/129. According to Wikipedia, Suite B was replaced with the Commercial National Security Algorithm Suite in 2018: https://en.wikipedia.org/wiki/Commercial_National_Security_Algorithm_Suite
Comments
BTW, this is for CNSA 2.0.
19-11-2022
Changeset: 313bc7f6 Author: Valerie Peng <valeriep@openjdk.org> Date: 2022-03-24 22:50:26 +0000 URL: https://git.openjdk.java.net/jdk/commit/313bc7f64f69d8f352d495d2c35bea62aca910e4
24-03-2022
A pull request was submitted for review. URL: https://git.openjdk.java.net/jdk/pull/7652 Date: 2022-03-02 00:13:41 +0000
02-03-2022