8174849: Change SHA1 certpath restrictions

Reviewed-by: mullan
Anthony Scarpino 2017-02-15 12:55:20 -08:00
parent b284200a90
commit ff79e8c1d7
2 changed files with 3 additions and 3 deletions
jdk/src/java.base/share
classes/sun/security/provider/certpath
conf/security

@ -276,7 +276,7 @@ public final class AlgorithmChecker extends PKIXCertPathChecker {
AlgorithmParameters currSigAlgParams = algorithmId.getParameters();
PublicKey currPubKey = cert.getPublicKey();
String currSigAlg = x509Cert.getSigAlgName();
String currSigAlg = ((X509Certificate)cert).getSigAlgName();
// Check the signature algorithm and parameters against constraints.
if (!constraints.permits(SIGNATURE_PRIMITIVE_SET, currSigAlg,
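Review bot: The string that decides the constraint check, `currSigAlg`, is read from a different object on the two printed lines (`x509Cert.getSigAlgName()` and `((X509Certificate)cert).getSigAlgName()`), and neither the hunk nor the commit title says why. The page has lost its +/- markers, so which form is new is inferred from print order only; if the cast form is the new one, it depends on an `instanceof X509Certificate` guard that would have to sit earlier in the method, outside this hunk. Because `constraints.permits(SIGNATURE_PRIMITIVE_SET, currSigAlg, ...)` matches on this name, a one-line comment would make the intent reviewable, along the lines of `// Algorithm name is taken from cert itself rather than from x509Cert` plus the author's reason. The enclosing method starts and ends outside the hunk.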

@ -598,8 +598,8 @@ krb5.kdc.bad.policy = tryLast
# jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048
#
#
jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & denyAfter 2017-01-01, \
RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224
jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
DSA keySize < 1024, EC keySize < 224
#
# Algorithm restrictions for signed JAR files
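Review bot: Nothing in this hunk records why one of the two printed `jdk.certpath.disabledAlgorithms` values carries `SHA1 jdkCA & denyAfter 2017-01-01` and the other has no SHA1 entry, and the commit has no description beyond its title. The page has lost its +/- markers; read in the usual old-then-new print order, the new value drops the SHA1 constraint entirely, so certification path validation would no longer restrict SHA-1-signed certificates through this property. If that is intended, a comment directly above the property such as `# SHA1 is deliberately not listed here; see 8174849` would keep the relaxation from looking accidental to whoever next edits the file. The diffstat lists only two changed files, so no test appears to pin the intended acceptance or rejection of a SHA-1 chain.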