Updated webrev:
http://cr.openjdk.java.net/~mullan/webrevs/8138653/webrev.01/
The following changes have been made:
- The default key size for DSA has not been changed (stays at 1024) due
to the high risk of breaking compatibility with applications still using
SHA1withDSA (key sizes larger than 1024 may be incompatible and
rejected). We will wait on this one for now.
- The SunPKCS11 default size for RSA keys has been increased to 2048.
- A bug in the PKCS11 tests was fixed which caused the version of newer
NSS libraries to be unrecognized.
--Sean
On 02/24/2016 09:54 AM, Sean Mullan wrote:
Please review this fix to improve security defaults by increasing the
default keysize of the RSA, DSA, and DiffieHellman implementations of
AlgorithmParameterGenerator and KeyPairGenerator from 1024 to 2048 bits:
http://cr.openjdk.java.net/~mullan/webrevs/8138653/webrev.00/
Thanks,
Sean
