From a27a5d9e605d07c40bc1fd1f526c7b3c79311b6f Mon Sep 17 00:00:00 2001
From: Sean Mullan
Date: Wed, 21 Apr 2021 08:21:40 -0400
Subject: [PATCH 1/2] 8196415: Disable SHA-1 Signed JARs
---
 src/java.base/share/conf/security/java.security | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/java.base/share/conf/security/java.security b/src/java.base/share/conf/security/java.security
index a6bb9e142d2ee..5f983faa1c758 100644
--- a/src/java.base/share/conf/security/java.security
+++ b/src/java.base/share/conf/security/java.security
@@ -634,7 +634,8 @@ sun.security.krb5.maxReferrals=5
 #
 #
 jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
- RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224
+ RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224 \
+ SHA1 jdkCA & usage SignedJAR & denyAfter 2019-01-01
 
 #
 # Legacy algorithms for certification path (CertPath) processing and
@@ -698,7 +699,7 @@ jdk.security.legacyAlgorithms=SHA1, \
 # See "jdk.certpath.disabledAlgorithms" for syntax descriptions.
 #
 jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
- DSA keySize < 1024
+ DSA keySize < 1024, SHA1 jdkCA & usage SignedJAR & denyAfter 2019-01-01
 
 #
 # Algorithm restrictions for Secure Socket Layer/Transport Layer Security
From d33c5302f9b42ae5b32f68b7bfc6f4ad50a605e3 Mon Sep 17 00:00:00 2001
From: Sean Mullan
Date: Mon, 26 Apr 2021 09:12:24 -0400
Subject: [PATCH 2/2] 8196415: Disable SHA-1 Signed JARs
---
 src/java.base/share/conf/security/java.security | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/java.base/share/conf/security/java.security b/src/java.base/share/conf/security/java.security
index 47555bf198f0e..378445ee175a4 100644
--- a/src/java.base/share/conf/security/java.security
+++ b/src/java.base/share/conf/security/java.security
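Review bot: Neither patch touches a test, and the first hunk of patch 1/2 shows why the new constraint needs one: the added line `EC keySize < 224 \` ends without a comma, so the continuation joins `SHA1 jdkCA & usage SignedJAR & denyAfter 2019-01-01` onto the EC entry instead of making it a separate constraint. Patch 2/2 corrects the comma by hand. A regression test that loads the shipped `jdk.certpath.disabledAlgorithms` and `jdk.jar.disabledAlgorithms` values and checks that every comma-separated entry parses as a known constraint would catch this class of typo before it changes which algorithms are actually rejected.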
@@ -634,7 +634,7 @@ sun.security.krb5.maxReferrals=5
 #
 #
 jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
- RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224 \
+ RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, \
 SHA1 jdkCA & usage SignedJAR & denyAfter 2019-01-01
 
 #
@@ -699,7 +699,7 @@ jdk.security.legacyAlgorithms=SHA1, \
 # See "jdk.certpath.disabledAlgorithms" for syntax descriptions.
 #
 jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
- DSA keySize < 1024, SHA1 jdkCA & usage SignedJAR & denyAfter 2019-01-01
+ DSA keySize < 1024, SHA1 jdkCA & denyAfter 2019-01-01
 
 #
 # Algorithm restrictions for Secure Socket Layer/Transport Layer Security
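Review bot: The final `jdk.jar.disabledAlgorithms` entry in the second hunk of patch 2/2, `SHA1 jdkCA & denyAfter 2019-01-01`, is narrower than the subject line suggests, and the comment block above the property is not updated to say so. As these constraints are defined for `jdk.certpath.disabledAlgorithms`, `jdkCA` restricts only chains that end at a trust anchor shipped in the JDK's cacerts and `denyAfter` leaves JARs dated before the cutoff alone, so SHA-1 JARs signed under a private or self-signed root are still accepted. I would add a comment above the property such as `# SHA1 is restricted only for chains anchored in the JDK cacerts and dated after 2019-01-01; other SHA-1 signed JARs are still accepted.` The patch description should also state why `usage SignedJAR` is dropped here but kept in the certpath entry of the first hunk, presumably because this property applies only to signed JARs.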