Java Crypto Updates Delayed

Graham Steel
April 7, 2017

In January 2017 Oracle released a Java update with a number of improvements to its crypto security. These included raising minimum parameter sizes (1024 bits for RSA XML signatures and DSA certificates, 256 bits for elliptic-curve keys used in TLS, ...) and changing the treatment of a number of crypto operations (for example, JARs signed with RSA keys shorter than 1024 bits are now considered unsigned). However, these changes would be considered overdue by most standards agencies: both the 2016 NIST and ECRYPT recommendations consider 1024-bit RSA suitable only for legacy use. This highlights a problem with Java: every upgrade must take into account the vast amount of deployed code that might break when these parameters are changed.

Delays

On March 14th 2017, some important updates were delayed, presumably because of this legacy burden. These include: raising the minimum Diffie-Hellman group size in TLS to 1024 bits (again, 1024-bit DH is already considered legacy-only by NIST and ECRYPT), now slated for 2018; and distrusting SHA-1 certificates in TLS certificate chains, now moved to July 2017. Finally, distrusting JAR files signed with MD5 digests has also slipped, to April 18th 2017.
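None of these delays stop you enforcing the stricter settings in your own JVMs now: each of the three postponed changes corresponds to an entry in one of the algorithm-restriction properties defined in the JDK's java.security file. The following is an added example (not code from the original post or from Oracle) that tightens those properties programmatically at startup. The property names and the "keySize < N" constraint syntax are the JDK's own; the class and method names and the chosen policy are ours.

```java
import java.security.Security;
import java.util.ArrayList;
import java.util.List;

/**
 * Enforce the postponed restrictions (DH < 1024 in TLS, SHA-1 in certificate
 * chains, MD5-signed JARs) by appending constraints to the JDK's
 * jdk.*.disabledAlgorithms properties.
 *
 * Must run before any SSLContext, CertPathValidator or signed-JAR
 * verification has been used: those classes read the properties once, when
 * they initialise, and ignore later changes.
 */
public final class HardenJavaCrypto {

    /** Property name / constraint pairs to enforce (our policy, not the JDK default). */
    static final String[][] WANTED = {
        // TLS: refuse Diffie-Hellman groups smaller than 1024 bits (slipped to 2018).
        {"jdk.tls.disabledAlgorithms", "DH keySize < 1024"},
        // Certificate paths: refuse SHA-1 signatures below the trust anchor
        // (slipped to July 2017). Caveat: jdk.certpath.disabledAlgorithms governs
        // every PKIX validation, not only TLS, so a private CA still issuing SHA-1
        // certificates for code signing or client auth will break as well.
        {"jdk.certpath.disabledAlgorithms", "SHA1"},
        // Signed JARs: treat MD5-digest signatures as unsigned (slipped to
        // April 18th 2017). This property is only honoured by releases that know
        // it; on older JDKs setting it is harmless but has no effect.
        {"jdk.jar.disabledAlgorithms", "MD5"},
    };

    /** Split a comma-separated constraint list, trimming and dropping blanks. */
    static List<String> parse(String value) {
        List<String> out = new ArrayList<>();
        if (value == null) return out;
        for (String c : value.split(",")) {
            String t = c.trim();
            if (!t.isEmpty()) out.add(t);
        }
        return out;
    }

    /** True if an equivalent constraint is already present (ignoring case and whitespace). */
    static boolean contains(List<String> constraints, String wanted) {
        String w = wanted.replaceAll("\\s+", "").toLowerCase();
        for (String c : constraints) {
            if (c.replaceAll("\\s+", "").toLowerCase().equals(w)) return true;
        }
        return false;
    }

    /** The property value with the constraint appended if it was missing. */
    static String merged(String current, String wanted) {
        List<String> cs = parse(current);
        if (!contains(cs, wanted)) cs.add(wanted);
        return String.join(", ", cs);
    }

    /** Apply every WANTED constraint; returns the names of the properties that changed. */
    public static List<String> harden() {
        List<String> changed = new ArrayList<>();
        for (String[] pair : WANTED) {
            String before = Security.getProperty(pair[0]);
            String after = merged(before, pair[1]);
            if (!after.equals(before == null ? "" : before)) {
                Security.setProperty(pair[0], after);
                changed.add(pair[0]);
            }
        }
        return changed;
    }

    public static void main(String[] args) {
        for (String[] pair : WANTED) {
            System.out.println(pair[0] + " (before) = " + Security.getProperty(pair[0]));
        }
        System.out.println("changed: " + harden());
        for (String[] pair : WANTED) {
            System.out.println(pair[0] + " (after)  = " + Security.getProperty(pair[0]));
        }
    }
}
```

Appending rather than replacing matters: a weaker existing entry such as "DH keySize < 768" can stay, since any matching constraint disables the algorithm and the stricter one wins. If you would rather not touch code, the same lines can go into a properties file passed with -Djava.security.properties=/path/to/file, but note that an entry in that file replaces the JDK's value for the property wholesale, so you must repeat the default entries (SSLv3, RC4, MD5withRSA, ...) alongside the ones you add.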

Further info

Find out more about configuring Java crypto options, and see what crypto your Java applications are using with our Analyzer.