You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@qpid.apache.org by "Alex Rudyy (JIRA)" <ji...@apache.org> on 2019/03/29 08:31:00 UTC

[jira] [Updated] (QPID-8281) [Broker-J] Regenerate test keystores and trustores containing RSA 1024bit keys

     [ https://issues.apache.org/jira/browse/QPID-8281?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Alex Rudyy updated QPID-8281:
-----------------------------
    Status: Reviewable  (was: In Progress)

> [Broker-J] Regenerate test keystores and trustores containing RSA 1024bit keys
> ------------------------------------------------------------------------------
>
>                 Key: QPID-8281
>                 URL: https://issues.apache.org/jira/browse/QPID-8281
>             Project: Qpid
>          Issue Type: Test
>          Components: Java Tests
>            Reporter: Alex Rudyy
>            Assignee: Alex Rudyy
>            Priority: Major
>             Fix For: qpid-java-broker-8.0.0, qpid-java-broker-7.1.2, qpid-java-broker-7.0.8
>
>
> Unit and integration tests operating with pre-generated test key-stores are failing with newer JDKs like openjdk-1.8.0.201.b09-2 due to deprecation of RSA 1024bit keys:
> {noformat}
> Caused by: java.security.cert.CertPathValidatorException: Algorithm constraints check failed on keysize limits. RSA 1024bit key used with certificate: CN=MyRootCA, O=ACME, ST=Ontario, C=CA.  Usage was tls server
> 	at sun.security.util.DisabledAlgorithmConstraints$KeySizeConstraint.permits(DisabledAlgorithmConstraints.java:817)
> 	at sun.security.util.DisabledAlgorithmConstraints$Constraints.permits(DisabledAlgorithmConstraints.java:419)
> 	at sun.security.util.DisabledAlgorithmConstraints.permits(DisabledAlgorithmConstraints.java:167)
> 	at sun.security.provider.certpath.AlgorithmChecker.check(AlgorithmChecker.java:332)
> 	at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(SSLContextImpl.java:1222)
> {noformat}
> Test kestores and key materials based on RSA 1024bit keys need to be re-created with stronger RSA keys



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org