8174849: Change SHA1 certpath restrictions
Reviewed-by: mullan
This commit is contained in:
parent
b284200a90
commit
ff79e8c1d7
jdk/src/java.base/share
@ -276,7 +276,7 @@ public final class AlgorithmChecker extends PKIXCertPathChecker {
|
||||
|
||||
AlgorithmParameters currSigAlgParams = algorithmId.getParameters();
|
||||
PublicKey currPubKey = cert.getPublicKey();
|
||||
String currSigAlg = x509Cert.getSigAlgName();
|
||||
String currSigAlg = ((X509Certificate)cert).getSigAlgName();
|
||||
|
||||
// Check the signature algorithm and parameters against constraints.
|
||||
if (!constraints.permits(SIGNATURE_PRIMITIVE_SET, currSigAlg,
|
||||
|
@ -598,8 +598,8 @@ krb5.kdc.bad.policy = tryLast
|
||||
# jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048
|
||||
#
|
||||
#
|
||||
jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & denyAfter 2017-01-01, \
|
||||
RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224
|
||||
jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
|
||||
DSA keySize < 1024, EC keySize < 224
|
||||
|
||||
#
|
||||
# Algorithm restrictions for signed JAR files
|
||||
|
Loading…
x
Reference in New Issue
Block a user