Code Review Request 8139565 Restrict certificates with DSA keys less than 1024 bits
Xuelei Fan
xuelei.fan at oracle.com
Mon Feb 15 00:23:44 UTC 2016
Hi,
Please review this security crypto constraints update:
http://cr.openjdk.java.net/~xuelei/8139565/webrev.00/
This fix updates the java security property,
"jdk.certpath.disabledAlgorithms", to restrict the use of certificates
with DSA keys less than 1024 bits in certification path processing.
Applications can update this restriction in the security property
("jdk.certpath.disabledAlgorithms") and permit smaller key sizes if
really needed (for example, "DSA keySize < 768").
Thanks,
Xuelei
More information about the security-dev
mailing list