[RFR] 8174849: Change SHA1 certpath restrictions - issue with 3rd party JCE provider
Anthony Scarpino
anthony.scarpino at oracle.com
Thu Jul 13 18:26:40 UTC 2017
On 07/12/2017 11:59 PM, Langer, Christoph wrote:
> Hi Sean,
>
>>> So, I guess I would be fine if this could at least be changed for JDKs <= 8 for
>> compatibility reasons. I can understand if for JDK >= 9 we say this is a new
>> release and the standard algorithm names shall be enforced. Wouldn't that
>> be a good compromise?
>>
>> Yes. In fact I think the most robust solution (even for 9 and later) is
>> to look at the encoded AlgorithmId in the X.509 certificate to determine
>> what signature algorithm is being used, and this would eliminate the
>> compatibility risk with third party providers using non-standard Java
>> names. This is exactly what X509CertImpl.getSigAlgName() is doing.
>
> OK, I will file a bug and post a change for review.
>
> I then suggest to also revert JDK10 and 9 to use
> X509CertImpl.getSigAlgName() forthe time being until some better
> check to go for the encoded AlgorithmId. Would you be fine with
> that
Looking back at the original code, before any of these changes were put
in, it was always "((X509Certificate)cert).getSigAlgName();". I would
guess I changed this in February to go back to the original method called.
>
>
>> Also, note that you can probably also workaround this issue by adding a
>> specific "SHA1/RSA" constraint to the jdk.certpath.disabledAlgorithms
>> security property.
>
> Hm, I thought with that property you would only define a negative
> list of algorithms that are not supported (out of the known ones).
> But is it possible to specify an unknown algorithm name to whitelist?
It is a negative list and it has to match the algorithm name. There is
no unknown/catch-all.
>
> Thanks
> Christoph
>
More information about the security-dev
mailing list