Code review request, JDK-8168822, Document that algorithm restrictions do not apply to trusted certs

Wang Weijun weijun.wang at oracle.com
Thu Oct 27 00:30:32 UTC 2016


I don't think this applies to jdk.jar.disabledAlgorithms. While the 
private key algorithm and key size are determined by the certificate, I 
think they are always checked even if the end-entity cert is trusted 
(For example, a trusted self-signed cert).

Thanks
Max

On 10/27/2016 8:04 AM, Xuelei Fan wrote:
> Hi,
>
> Please review the simple fix:
>
>     http://cr.openjdk.java.net/~xuelei/8168822/webrev/
>
> Algorithm restrictions do not apply to trusted certs as the
> application or customer has made the decision to trust the "trusted
> cert".  However, this point is not explicit for general developers and
> users.  We'd better to clarify this point explicitly.
>
> In the update, I add a short note for each algorithm constraint security
> properties:
>
>    Note: Algorithm restrictions do not apply to trusted certificates.
>
> Doc only update, no new regression test.
>
> Thanks,
> Xuelei


More information about the security-dev mailing list