On Tue, 19 Apr 2022 16:08:28 GMT, Hai-May Chao <hc...@openjdk.org> wrote:

> Please review these changes to add DES/3DES/MD5 to
> `jdk.security.legacyAlgorithms` security property, and to add the legacy
> algorithm constraint checking to `keytool` commands that are associated with
> secret key entries stored in the keystore. These `keytool` commands are
> -genseckey, -importpass, -list, and -importkeystore. As a result, `keytool`
> will be able to generate warnings when it detects that the secret key based
> algorithms and PBE based Mac and cipher algorithms are weak. Also removes the
> "This algorithm will be disabled in a future update." from the existing
> warnings for the asymmetric keys/certificates.
>
> Will also file a CSR.

src/java.base/share/conf/security/java.security line 657:

> 655: # implementations.
> 656:
> 657: jdk.security.legacyAlgorithms=SHA1, \

Since we are now warning about weak symmetric key algorithms, we should make the description of this property more general. I would change lines 641-2 to "Legacy cryptographic algorithms and key lengths".

-------------

PR: https://git.openjdk.java.net/jdk/pull/8300