> On May 16, 2016, at 9:34 PM, Xuelei Fan <xuelei....@oracle.com> wrote: > > On 5/16/2016 9:13 PM, Wang Weijun wrote: >> I downloaded the files and they match what you described below. >> >> Can you please added a text file describing how they are generated. > The generation is straightforward with keytool. May not need an > additional text file any more.
Binary files are usually not allowed in OpenJDK. If you have to include some, add some description. > >> Also, I see a unknown_keystore in the same directory still using the weak >> algorithms. Do you also intent to update it? >> > Not sure of the use cases for unknown_keystore. No plan to touch it > this time. It is used by CheckMyTrustedKeystore.java which has @ignore. So let it be. --Max > > Thanks, > Xuelei > >> Thanks >> Max >> >>> On May 16, 2016, at 8:52 PM, Xuelei Fan <xuelei....@oracle.com> wrote: >>> >>> Hi, >>> >>> Please review this test update: >>> http://cr.openjdk.java.net/~xuelei/8157035/webrev.00/ >>> >>> test/javax/net/ssl/etc/keystore and truststore are used a lot for X.509 >>> cert based SSL/TLS authentication in JDK testing. MD5 and SHA1 are used >>> as the signature algorithms. The key size of EC certs is 192 bits. >>> >>> MD5 has been disabled, and 192-bits EC keys will be disabled in the near >>> future(see JDK-8148516). It's time to use stronger algorithms (SHA256) >>> and keys (2048-bits for RSA and 256-bits for EC). >>> >>> This update renew the RSA cert with 2048-bits key and the EC cert with >>> 256-bits key. And the hash algorithms of the signatures are now SHA256. >>> >>> Note that the DSA entry is not updated this time. >>> >>> Thanks, >>> Xuelei >> >