In another "thread" there was a reference to a site which showed
zero out of the top 178,000 sites using the weak key :
https://www.trustworthyinternet.org/ssl-pulse/
-phil.
On 12/28/2012 1:18 PM, Alan Bateman wrote:
On 28/12/2012 09:41, Xuelei Fan wrote:
Hi,
This is a request to backport a JDK 8 fix into JDK 7u12:
7109274: Restrict the use of certificates with RSA keys less than
1024 bits
Do you have any data to know if RSA keys < 1024 bits are used much
these days? On the surface it seems risky to rush into jdk7u without
any bake time in jdk8 first. On the other hand folks do need to be
encouraged to upgrade from weak keys, it's just whether to disable it
now or give some advance notice that this change is coming (I realize
Microsoft did the same thing a few months ago).
-Alan
