8196415: Disable SHA-1 Signed JARs

Backport-of: 278057756a1a79a4b030750c48b821ba9735a0f9
2025-12-11 19:17:23 -06:00 · 2021-04-29 11:14:40 +00:00 · 2021-04-29 11:14:40 +00:00 · 4ea26b8918
commit 4ea26b8918
parent cce99e57e1
1 changed files with 3 additions and 2 deletions
--- a/src/java.base/share/conf/security/java.security
+++ b/src/java.base/share/conf/security/java.security
@ -633,7 +633,8 @@ sun.security.krb5.maxReferrals=5
 #
 #
 jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
-    RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224
+    RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, \
+    SHA1 jdkCA & usage SignedJAR & denyAfter 2019-01-01

 #
 # Legacy algorithms for certification path (CertPath) processing and
@ -697,7 +698,7 @@ jdk.security.legacyAlgorithms=SHA1, \
 # See "jdk.certpath.disabledAlgorithms" for syntax descriptions.
 #
 jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
-      DSA keySize < 1024
+      DSA keySize < 1024, SHA1 jdkCA & denyAfter 2019-01-01

 #
 # Algorithm restrictions for Secure Socket Layer/Transport Layer Security