Bug ID: JDK-8267880 Upgrade the default PKCS12 MAC algorithm

JDK-8267880 : Upgrade the default PKCS12 MAC algorithm

Type: Enhancement
Component: security-libs
Sub-Component: java.security
Affected Version: 7-pool,8-pool,11-pool

Priority: P3
Status: Resolved
Resolution: Fixed

Submitted: 2021-05-27
Updated: 2022-08-01
Resolved: 2022-06-03

Versions (Unresolved/Resolved/Fixed)

The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.

JDK 11	JDK 7	JDK 8
11.0.17-oracle b01Fixed	7u361Fixed	8u351Fixed

Related Reports

CSR :	JDK-8287642 - Upgrade the default PKCS12 MAC algorithm
Relates :	JDK-8267701 - Revert the change to the default PKCS12 macAlgorithm and macIterationCount props for 11u/8u/7u
Relates :	JDK-8076190 - Customizing the generation of a PKCS12 keystore
Relates :	JDK-8153005 - Upgrade the default PKCS12 encryption/MAC algorithms

Sub Tasks

JDK-8288297 :

Release Note: Upgrade the default PKCS12 MAC algorithm - Resolved

Description

Upgrade the default PKCS12 Mac algorithm by changing the default values of the following security properties to:

keystore.pkcs12.macAlgorithm = HmacPBESHA256
keystore.pkcs12.macIterationCount = 10000

Comments

A pull request was submitted for review. URL: https://git.openjdk.org/jdk11u-dev/pull/1296 Date: 2022-08-01 10:44:32 +0000

01-08-2022

Fix request [11u] I want to make this change for parity with 11.0.17-oracle and the security roadmap I crafted it along JDK-8153005 and JDK-8267599, which brought this change and backed it out again in 11.0.12.

01-08-2022

This was made the default in JDK 16 as part of JDK-8153005.

27-05-2021