Skip to content
This repository has been archived by the owner on Sep 2, 2022. It is now read-only.

Commit

Permalink
8196415: Disable SHA-1 Signed JARs
Browse files Browse the repository at this point in the history
Backport-of: 278057756a1a79a4b030750c48b821ba9735a0f9
  • Loading branch information
Prajwal Kumaraswamy authored and coffeys committed Apr 29, 2021
1 parent cce99e5 commit 4ea26b8
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions src/java.base/share/conf/security/java.security
Expand Up @@ -633,7 +633,8 @@ sun.security.krb5.maxReferrals=5
#
#
jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224
RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, \
SHA1 jdkCA & usage SignedJAR & denyAfter 2019-01-01

#
# Legacy algorithms for certification path (CertPath) processing and
Expand Down Expand Up @@ -697,7 +698,7 @@ jdk.security.legacyAlgorithms=SHA1, \
# See "jdk.certpath.disabledAlgorithms" for syntax descriptions.
#
jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
DSA keySize < 1024
DSA keySize < 1024, SHA1 jdkCA & denyAfter 2019-01-01

#
# Algorithm restrictions for Secure Socket Layer/Transport Layer Security
Expand Down

1 comment on commit 4ea26b8

@openjdk-notifier
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please sign in to comment.