From a067c42e5628c0b374496f5a02d58717a07726dc Mon Sep 17 00:00:00 2001
From: Prajwal Kumaraswamy <prajwal.kumaraswamy@oracle.com>
Date: Thu, 29 Apr 2021 10:52:36 +0000
Subject: [PATCH] Backport 278057756a1a79a4b030750c48b821ba9735a0f9

---
 src/java.base/share/conf/security/java.security | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/java.base/share/conf/security/java.security b/src/java.base/share/conf/security/java.security
index 338c2d52fe3..18112e45b7d 100644
--- a/src/java.base/share/conf/security/java.security
+++ b/src/java.base/share/conf/security/java.security
@@ -633,7 +633,8 @@ sun.security.krb5.maxReferrals=5
 #
 #
 jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
-    RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224
+    RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, \
+    SHA1 jdkCA & usage SignedJAR & denyAfter 2019-01-01
 
 #
 # Legacy algorithms for certification path (CertPath) processing and
@@ -697,7 +698,7 @@ jdk.security.legacyAlgorithms=SHA1, \
 # See "jdk.certpath.disabledAlgorithms" for syntax descriptions.
 #
 jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
-      DSA keySize < 1024
+      DSA keySize < 1024, SHA1 jdkCA & denyAfter 2019-01-01
 
 #
 # Algorithm restrictions for Secure Socket Layer/Transport Layer Security