Code Review Request, 7109274, Consider disabling support for X.509 certificates with RSA keys less than 1024 bits
Sean Mullan
sean.mullan at oracle.com
Thu Dec 13 18:18:33 UTC 2012
Hi Xuelei,
This looks good, although I was wondering if you considered
re-generating the test certificates with larger keys? This would allow
the tests to continue to run in samevm mode.
--Sean
On 12/11/2012 08:12 PM, Xuelei Fan wrote:
> Hi,
>
> Please review the update for JDK-7109274, Consider disabling support for
> X.509 certificates with RSA keys less than 1024 bits.
>
> Webrev: http://cr.openjdk.java.net./~xuelei/7109274/webrev.00/
>
> The bug description is not available at bugs.sun.com at present. The
> purpose of this update is to disable the support of X.509 certificates
> with RSA keys less than 1024 bits.
>
> The key length is an important security parameter to determine the
> strength of public key based cryptographic algorithms. RSA keys less
> than 1024 bits are considered breakable [1][2].
>
> In this update, we are proposing to restrict the use of certificates
> with RSA keys less than 1024 bits in length. This restriction is
> applied via the Java Security property,
> "jdk.certpath.disabledAlgorithms" [1]. This will impact providers that
> adhere to this security property, for example, the Sun provider and the
> SunJSSE provider.
>
> The security property, "jdk.certpath.disabledAlgorithms", also covers
> the use of the static keys (the key in X.509 certificate) used in TLS.
> Therefore, we don't need to add any further restrictions to the
> "jdk.tls.disabledAlgorithms" security property.
>
> With this key size restriction, those who use X.509 certificates based
> on RSA keys less than 1024 bits will encounter compatibility issues with
> certification path building and validation. This key size restriction
> also impacts JDK components that validate X.509 certificates, for
> example signed JAR verification, SSL/TLS transportation, HTTPS
> connections, etc.
>
> In order to avoid the compatibility issue, users who use X.509
> certificates with RSA keys less than 1024 bits are recommended to renew
> their certificates with stronger keys. As a workaround, at their own
> risks, users can adjust the key size restriction security property
> ("jdk.certpath.disabledAlgorithms") or use the
> java.security.AlgorithmConstraints (introduced in JDK 7) to permit
> smaller key sizes.
>
> Thanks,
> Xuelei
>
> [1]: http://blogs.rsa.com/rsa-768-factored/
> [2]: http://technet.microsoft.com/en-us/security/advisory/2661254
>
More information about the security-dev
mailing list