Ping?
On 03/04/2015 at 09:26 PM CET Jacob Wisor wrote:
Hello there!
Please review this patch disabling deprecated, broken, or, insecure crypto
algorithms. I think it is fair to say that these should be sane defaults by now,
similar to what main web browser vendors do.
AFAIKT, JDK 8 ships with only one legacy MD5withRSA signed certificate which is
from the GTE CyberTrust Global Root CA. All other CAs have moved to SHA1 or
SHA256 signatures. So this certificate would have to be replaced by package
maintainers and/or release engineers.
If it is too late for JDK 8 then JDK 9 should definitely deploy with these
defaults.
Regards,
Jacob
