RFR: 8153005: Upgrade the default PKCS12 encryption/MAC algorithms
Weijun Wang
weijun at openjdk.java.net
Thu Oct 1 20:09:16 UTC 2020
On Thu, 1 Oct 2020 20:02:34 GMT, Weijun Wang <weijun at openjdk.org> wrote:
> Default algorithms are bumped to be based on PBES2 with AES-256 and SHA-256. Please also review the CSR at
> https://bugs.openjdk.java.net/browse/JDK-8228481.
TBD: We bumped iteration counts for PBE and HMAC to 50000 and 100000 when we were using weak algorithms. Now that the
algorithms are strong, we can consider lower them. Currently, openssl 3.0.0 uses 2048 and Windows Server 2019 uses 2000.
-------------
PR: https://git.openjdk.java.net/jdk/pull/473
More information about the security-dev
mailing list