RFR: 8243559: Remove root certificates with 1024-bit keys
Sean Mullan
mullan at openjdk.java.net
Mon Nov 23 16:24:00 UTC 2020
On Mon, 23 Nov 2020 15:47:25 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> This change removes five root certificates with 1024-bit RSA public keys from the system-wide `cacerts` keystore. These are older VeriSign and Thawte root CA certificates which are no longer necessary to retain and should have minimal compatibility risk if removed.
>>
>> See the CSR for more details: https://bugs.openjdk.java.net/browse/JDK-8256502
>
> Marked as reviewed by weijun (Reviewer).
> Looks fine.
>
> One nit: I see that the `VerifyCACerts.java` test has a whole bunch of `@bug` ids. Maybe we should add this new one as well?
Good catch. I will add it.
-------------
PR: https://git.openjdk.java.net/jdk/pull/1387
More information about the security-dev
mailing list