RFR: 8282633: jarsigner output does not explain why an EC key is disabled if its curve has been disabled

Hai-May Chao hchao at openjdk.java.net
Tue Mar 15 15:58:48 UTC 2022


On Tue, 15 Mar 2022 01:16:59 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> When a named curve is disabled in the `jdk.disabled.namedCurves` property, which is included in `jdk.jar.disabledAlgorithms` and `jdk.certpath.disabledAlgorithms`, `jarsigner` should display the disabled named curve as a result of its disabled algorithm constraint checking. This clarifies why an EC key is disabled in its warning and verbose output.
>
> I think `include jdk.disabled.namedCurves` can also appear in the legacy algorithms, so it's likely there should also be a "key.bit.eccurve.weak" for jarsigner.

@wangweij Thanks for the review.

-------------

PR: https://git.openjdk.java.net/jdk/pull/7810


