Code Review Request of JDK-8157035 Use stronger algorithms and keys for JSSE testing
Xuelei Fan
xuelei.fan at oracle.com
Mon May 16 12:52:40 UTC 2016
Hi,
Please review this test update:
http://cr.openjdk.java.net/~xuelei/8157035/webrev.00/
test/javax/net/ssl/etc/keystore and truststore are used a lot for X.509
cert based SSL/TLS authentication in JDK testing. MD5 and SHA1 are used
as the signature algorithms. The key size of EC certs is 192 bits.
MD5 has been disabled, and 192-bits EC keys will be disabled in the near
future(see JDK-8148516). It's time to use stronger algorithms (SHA256)
and keys (2048-bits for RSA and 256-bits for EC).
This update renew the RSA cert with 2048-bits key and the EC cert with
256-bits key. And the hash algorithms of the signatures are now SHA256.
Note that the DSA entry is not updated this time.
Thanks,
Xuelei
More information about the security-dev
mailing list