Skip to content
This repository was archived by the owner on Sep 2, 2022. It is now read-only.

Commit 4ea26b8

Browse files
Prajwal Kumaraswamycoffeys
Prajwal Kumaraswamy
authored and
coffeys
committed
8196415: Disable SHA-1 Signed JARs
Backport-of: 278057756a1a79a4b030750c48b821ba9735a0f9
1 parent cce99e5 commit 4ea26b8

File tree

1 file changed

+3
-2
lines changed

1 file changed

+3
-2
lines changed

src/java.base/share/conf/security/java.security

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -633,7 +633,8 @@ sun.security.krb5.maxReferrals=5
633633
#
634634
#
635635
jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
636-
RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224
636+
RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, \
637+
SHA1 jdkCA & usage SignedJAR & denyAfter 2019-01-01
637638

638639
#
639640
# Legacy algorithms for certification path (CertPath) processing and
@@ -697,7 +698,7 @@ jdk.security.legacyAlgorithms=SHA1, \
697698
# See "jdk.certpath.disabledAlgorithms" for syntax descriptions.
698699
#
699700
jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
700-
DSA keySize < 1024
701+
DSA keySize < 1024, SHA1 jdkCA & denyAfter 2019-01-01
701702

702703
#
703704
# Algorithm restrictions for Secure Socket Layer/Transport Layer Security

0 commit comments

Comments
 (0)