On 28/12/2012 09:41, Xuelei Fan wrote:
Hi,
This is a request to backport a JDK 8 fix into JDK 7u12:
7109274: Restrict the use of certificates with RSA keys less than
1024 bits
Do you have any data to know if RSA keys < 1024 bits are used much these
days? On the surface it seems risky to rush into jdk7u without any bake
time in jdk8 first. On the other hand folks do need to be encouraged to
upgrade from weak keys, it's just whether to disable it now or give some
advance notice that this change is coming (I realize Microsoft did the
same thing a few months ago).
-Alan
