Code Review Request, 7109274, Consider disabling support for X.509 certificates with RSA keys less than 1024 bits
Xuelei Fan
xuelei.fan at oracle.com
Fri Dec 14 02:35:16 UTC 2012
On 12/14/2012 2:18 AM, Sean Mullan wrote:
> Hi Xuelei,
>
> This looks good, although I was wondering if you considered
> re-generating the test certificates with larger keys? This would allow
> the tests to continue to run in samevm mode.
>
I will look into test cases to replace the certificates with stronger ones.
Thanks for the review.
Xuelei
> --Sean
>
> On 12/11/2012 08:12 PM, Xuelei Fan wrote:
>> Hi,
>>
>> Please review the update for JDK-7109274, Consider disabling support for
>> X.509 certificates with RSA keys less than 1024 bits.
>>
>> Webrev: http://cr.openjdk.java.net./~xuelei/7109274/webrev.00/
>>
>> The bug description is not available at bugs.sun.com at present. The
>> purpose of this update is to disable the support of X.509 certificates
>> with RSA keys less than 1024 bits.
>>
>> The key length is an important security parameter to determine the
>> strength of public key based cryptographic algorithms. RSA keys less
>> than 1024 bits are considered breakable [1][2].
>>
>> In this update, we are proposing to restrict the use of certificates
>> with RSA keys less than 1024 bits in length. This restriction is
>> applied via the Java Security property,
>> "jdk.certpath.disabledAlgorithms" [1]. This will impact providers that
>> adhere to this security property, for example, the Sun provider and the
>> SunJSSE provider.
>>
>> The security property, "jdk.certpath.disabledAlgorithms", also covers
>> the use of the static keys (the key in X.509 certificate) used in TLS.
>> Therefore, we don't need to add any further restrictions to the
>> "jdk.tls.disabledAlgorithms" security property.
>>
>> With this key size restriction, those who use X.509 certificates based
>> on RSA keys less than 1024 bits will encounter compatibility issues with
>> certification path building and validation. This key size restriction
>> also impacts JDK components that validate X.509 certificates, for
>> example signed JAR verification, SSL/TLS transportation, HTTPS
>> connections, etc.
>>
>> In order to avoid the compatibility issue, users who use X.509
>> certificates with RSA keys less than 1024 bits are recommended to renew
>> their certificates with stronger keys. As a workaround, at their own
>> risks, users can adjust the key size restriction security property
>> ("jdk.certpath.disabledAlgorithms") or use the
>> java.security.AlgorithmConstraints (introduced in JDK 7) to permit
>> smaller key sizes.
>>
>> Thanks,
>> Xuelei
>>
>> [1]: http://blogs.rsa.com/rsa-768-factored/
>> [2]: http://technet.microsoft.com/en-us/security/advisory/2661254
>>
>
More information about the security-dev
mailing list