Code Review Request, 7109274, Consider disabling support for X.509 certificates with RSA keys less than 1024 bits
Xuelei Fan
xuelei.fan at oracle.com
Wed Dec 12 01:12:25 UTC 2012
Hi,
Please review the update for JDK-7109274, Consider disabling support for
X.509 certificates with RSA keys less than 1024 bits.
Webrev: http://cr.openjdk.java.net./~xuelei/7109274/webrev.00/
The bug description is not available at bugs.sun.com at present. The
purpose of this update is to disable the support of X.509 certificates
with RSA keys less than 1024 bits.
The key length is an important security parameter to determine the
strength of public key based cryptographic algorithms. RSA keys less
than 1024 bits are considered breakable [1][2].
In this update, we are proposing to restrict the use of certificates
with RSA keys less than 1024 bits in length. This restriction is
applied via the Java Security property,
"jdk.certpath.disabledAlgorithms" [1]. This will impact providers that
adhere to this security property, for example, the Sun provider and the
SunJSSE provider.
The security property, "jdk.certpath.disabledAlgorithms", also covers
the use of the static keys (the key in X.509 certificate) used in TLS.
Therefore, we don't need to add any further restrictions to the
"jdk.tls.disabledAlgorithms" security property.
With this key size restriction, those who use X.509 certificates based
on RSA keys less than 1024 bits will encounter compatibility issues with
certification path building and validation. This key size restriction
also impacts JDK components that validate X.509 certificates, for
example signed JAR verification, SSL/TLS transportation, HTTPS
connections, etc.
In order to avoid the compatibility issue, users who use X.509
certificates with RSA keys less than 1024 bits are recommended to renew
their certificates with stronger keys. As a workaround, at their own
risks, users can adjust the key size restriction security property
("jdk.certpath.disabledAlgorithms") or use the
java.security.AlgorithmConstraints (introduced in JDK 7) to permit
smaller key sizes.
Thanks,
Xuelei
[1]: http://blogs.rsa.com/rsa-768-factored/
[2]: http://technet.microsoft.com/en-us/security/advisory/2661254
More information about the security-dev
mailing list