RFR: 8337664: Distrust TLS server certificates issued after Oct 2024 and anchored by Entrust Root CAs [v2]
Sean Mullan
mullan at openjdk.org
Fri Aug 30 20:47:21 UTC 2024
On Fri, 30 Aug 2024 20:25:26 GMT, Mark Powers <mpowers at openjdk.org> wrote:
>> Please review this change to distrust TLS server certificates issued after October 31, 2024 and anchored by Entrust Root CAs. This change is in line with similar plans recently announced by Google and Mozilla. TLS server certificates issued before this date will continue to be valid until they expire. This restriction should have minimal compatibility impact since Entrust has announced they will be using a partner (SSL.com) for all TLS server certificates issued after Oct 31, 2024.
>>
>> See the CSR for more details: https://bugs.openjdk.org/browse/JDK-8339194
>
> Mark Powers has updated the pull request incrementally with one additional commit since the last revision:
>
> remove unused files
Looks good. Please also have Rajan review.
src/java.base/share/classes/sun/security/validator/EntrustTLSPolicy.java line 2:
> 1: /*
> 2: * Copyright (c) 2018, 2024, Oracle and/or its affiliates. All rights reserved.
Copyright only needs 2024.
-------------
Marked as reviewed by mullan (Reviewer).
PR Review: https://git.openjdk.org/jdk/pull/20731#pullrequestreview-2266196242
PR Review Comment: https://git.openjdk.org/jdk/pull/20731#discussion_r1734637556
More information about the security-dev
mailing list