RFR: 8243559: Remove root certificates with 1024-bit keys

Sean Mullan mullan at openjdk.java.net
Mon Nov 23 16:24:00 UTC 2020


On Mon, 23 Nov 2020 15:47:25 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> This change removes five root certificates with 1024-bit RSA public keys from the system-wide `cacerts` keystore. These are older VeriSign and Thawte root CA certificates which are no longer necessary to retain and should have minimal compatibility risk if removed.
>> 
>> See the CSR for more details: https://bugs.openjdk.java.net/browse/JDK-8256502
>
> Marked as reviewed by weijun (Reviewer).

> Looks fine.
> 
> One nit: I see that the `VerifyCACerts.java` test has a whole bunch of `@bug` ids. Maybe we should add this new one as well?

Good catch. I will add it.

-------------

PR: https://git.openjdk.java.net/jdk/pull/1387



More information about the security-dev mailing list