Code Review Request 8139565 Restrict certificates with DSA keys less than 1024 bits

Sean Mullan sean.mullan at oracle.com
Tue Feb 16 20:22:02 UTC 2016


Looks good.

--Sean

On 02/16/2016 12:16 AM, Xuelei Fan wrote:
> Added a new regression test:
>
>     http://cr.openjdk.java.net/~xuelei/8139565/webrev.01/
>
> Thanks,
> Xuelei
>
> On 2/15/2016 8:23 AM, Xuelei Fan wrote:
>> Hi,
>>
>> Please review this security crypto constraints update:
>>
>>     http://cr.openjdk.java.net/~xuelei/8139565/webrev.00/
>>
>> This fix updates the java security property,
>> "jdk.certpath.disabledAlgorithms", to restrict the use of certificates
>> with DSA keys less than 1024 bits in certification path processing.
>> Applications can update this restriction in the security property
>> ("jdk.certpath.disabledAlgorithms") and permit smaller key sizes if
>> really needed (for example, "DSA keySize < 768").
>>
>> Thanks,
>> Xuelei
>>
>
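
The restriction described in the quoted mail, as an added example that is not part of the thread and not the JDK's own code: a simplified reader for `keySize` entries of the property value, applied to freshly generated DSA keys. The class and method names are hypothetical, the "DSA keySize < 1024" sample value is constructed by analogy with the "DSA keySize < 768" example in the mail, and space-separated tokens are an assumption.

```java
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.Security;
import java.security.interfaces.DSAKey;

public class DsaKeySizeCheck {
    // Simplified reading of one property value: comma-separated entries of the
    // form "ALG" or "ALG keySize OP N" with space-separated tokens (assumption).
    static boolean isRestricted(String property, String alg, int bits) {
        if (property == null) return false;
        for (String entry : property.split(",")) {
            String[] t = entry.trim().split("\\s+");
            if (!t[0].equalsIgnoreCase(alg)) continue;
            if (t.length == 1) return true;          // algorithm disabled outright
            if (t.length != 4 || !t[1].equalsIgnoreCase("keySize")) continue;
            int n = Integer.parseInt(t[3]);
            boolean hit;
            switch (t[2]) {
                case "<":  hit = bits < n;  break;
                case "<=": hit = bits <= n; break;
                case "==": hit = bits == n; break;
                case "!=": hit = bits != n; break;
                case ">=": hit = bits >= n; break;
                case ">":  hit = bits > n;  break;
                default:   hit = false;              // unknown operator: ignore entry
            }
            if (hit) return true;
        }
        return false;
    }

    // DSA key size is the bit length of the prime modulus p.
    static int dsaBits(PublicKey key) {
        return ((DSAKey) key).getParams().getP().bitLength();
    }

    public static void main(String[] args) throws Exception {
        String[] values = {
            "DSA keySize < 1024",   // constructed: the restriction the mail describes
            "DSA keySize < 768",    // relaxed value quoted in the mail
            Security.getProperty("jdk.certpath.disabledAlgorithms") // this JVM's setting
        };
        for (int size : new int[] {512, 768, 1024}) {
            KeyPairGenerator g = KeyPairGenerator.getInstance("DSA");
            g.initialize(size);
            int bits = dsaBits(g.generateKeyPair().getPublic());
            for (String v : values)
                System.out.println(bits + "-bit DSA vs [" + v + "] restricted="
                        + isRestricted(v, "DSA", bits));
        }
    }
}
```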


