Code Review Request 8139565 Restrict certificates with DSA keys less than 1024 bits
Xuelei Fan
xuelei.fan at oracle.com
Tue Feb 16 05:16:22 UTC 2016
Added a new regression test:
http://cr.openjdk.java.net/~xuelei/8139565/webrev.01/
Thanks,
Xuelei
On 2/15/2016 8:23 AM, Xuelei Fan wrote:
> Hi,
>
> Please review this security crypto constraints update:
>
> http://cr.openjdk.java.net/~xuelei/8139565/webrev.00/
>
> This fix updates the java security property,
> "jdk.certpath.disabledAlgorithms", to restrict the use of certificates
> with DSA keys less than 1024 bits in certification path processing.
> Applications can update this restriction in the security property
> ("jdk.certpath.disabledAlgorithms") and permit smaller key sizes if
> really needed (for example, "DSA keySize < 768").
>
> Thanks,
> Xuelei
>
More information about the security-dev
mailing list