RFR: 8243559: Remove root certificates with 1024-bit keys
Weijun Wang
weijun at openjdk.java.net
Mon Nov 23 15:49:59 UTC 2020
On Mon, 23 Nov 2020 15:08:13 GMT, Sean Mullan <mullan at openjdk.org> wrote:
> This change removes five root certificates with 1024-bit RSA public keys from the system-wide `cacerts` keystore. These are older VeriSign and Thawte root CA certificates which are no longer necessary to retain and should have minimal compatibility risk if removed.
>
> See the CSR for more details: https://bugs.openjdk.java.net/browse/JDK-8256502
Marked as reviewed by weijun (Reviewer).
Looks fine.
One nit: I see that the `VerifyCACerts.java` test has a whole bunch of `@bug` ids. Maybe we should add this new one as well?
-------------
PR: https://git.openjdk.java.net/jdk/pull/1387
More information about the build-dev
mailing list