Code Review Request of JDK-8157035 Use stronger algorithms and keys for JSSE testing
Xuelei Fan
xuelei.fan at oracle.com
Mon May 16 13:34:01 UTC 2016
On 5/16/2016 9:13 PM, Wang Weijun wrote:
> I downloaded the files and they match what you described below.
>
> Can you please add a text file describing how they are generated?
The generation is straightforward with keytool. May not need an
additional text file any more.
> Also, I see an unknown_keystore in the same directory still using the weak algorithms. Do you also intend to update it?
>
Not sure of the use cases for unknown_keystore. No plan to touch it
this time.
Thanks,
Xuelei
> Thanks
> Max
>
>> On May 16, 2016, at 8:52 PM, Xuelei Fan <xuelei.fan at oracle.com> wrote:
>>
>> Hi,
>>
>> Please review this test update:
>> http://cr.openjdk.java.net/~xuelei/8157035/webrev.00/
>>
>> test/javax/net/ssl/etc/keystore and truststore are used a lot for X.509
>> cert based SSL/TLS authentication in JDK testing. MD5 and SHA1 are used
>> as the signature algorithms. The key size of EC certs is 192 bits.
>>
>> MD5 has been disabled, and 192-bit EC keys will be disabled in the near
>> future (see JDK-8148516). It's time to use stronger algorithms (SHA256)
>> and keys (2048-bit for RSA and 256-bit for EC).
>>
>> This update renews the RSA cert with a 2048-bit key and the EC cert with
>> a 256-bit key. And the hash algorithms of the signatures are now SHA256.
>>
>> Note that the DSA entry is not updated this time.
>>
>> Thanks,
>> Xuelei
>
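
A check for the point raised in the thread (keystore entries still using weak algorithms), as an added example that is not part of the original messages or the JDK test suite: it scans `keytool -list -v` text for MD5/SHA1 signatures and for RSA/EC keys below the 2048-bit and 256-bit sizes named above. The sample listing and its alias names are constructed, and the line labels assume the output format of current keytool versions.

```python
import re

# Minimums taken from the thread: SHA256 signatures, 2048-bit RSA, 256-bit EC.
# DSA is not checked because the thread leaves the DSA entry untouched.
MIN_KEY_BITS = {"RSA": 2048, "EC": 256}
WEAK_DIGESTS = ("MD5", "SHA1")

# Constructed sample shaped like `keytool -list -v` output
# (aliases are hypothetical, not the contents of the real test keystore).
SAMPLE = """\
Alias name: rsa-new
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key

Alias name: ec-new
Signature algorithm name: SHA256withECDSA
Subject Public Key Algorithm: 256-bit EC (secp256r1) key

Alias name: ec-old
Signature algorithm name: SHA1withECDSA
Subject Public Key Algorithm: 192-bit EC key

Alias name: rsa-old
Signature algorithm name: MD5withRSA
Subject Public Key Algorithm: 1024-bit RSA key
"""

def audit(listing):
    """Return (alias, problem) pairs, in listing order, for weak entries."""
    findings, alias = [], None
    for line in listing.splitlines():
        line = line.strip()
        if line.startswith("Alias name:"):
            alias = line.split(":", 1)[1].strip()
        elif line.startswith("Signature algorithm name:"):
            sig = line.split(":", 1)[1].strip()
            # "SHA1withECDSA" -> "SHA1"; also normalises "SHA-1" spellings.
            digest = sig.upper().split("WITH")[0].replace("-", "")
            if digest in WEAK_DIGESTS:
                findings.append((alias, "weak signature " + sig))
        elif line.startswith("Subject Public Key Algorithm:"):
            m = re.search(r"(\d+)-bit (\w+)", line)
            if m and int(m.group(1)) < MIN_KEY_BITS.get(m.group(2), 0):
                findings.append((alias, "short key %s-bit %s" % m.groups()))
    return findings

if __name__ == "__main__":
    for alias, problem in audit(SAMPLE):
        print(alias + ": " + problem)
```
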