Description of problem: The /usr/share/crypto-policies/DEFAULT/java.txt file contains this line: jdk.certpath.disabledAlgorithms=MD2, MD5, DSA, RSA keySize < 2048 This prevents use of 2048-bit DSA keys, which is the default when creating a keypair with keytool. Version-Release number of selected component (if applicable): crypto-policies-20180425-1.git6ad4018.fc28 How reproducible: Always. Steps to Reproduce: 1. keytool -genkeypair -dname O=o -storepass stpass -keypass kypass -keystore test.jks Actual results: Warning: The generated certificate uses the SHA256withDSA signature algorithm which is considered a security risk. The generated certificate uses a 2048-bit DSA key which is considered a security risk. Also, most importantly, the generated keypair cannot be used for SSL connections with the openjdk provided by Fedora. Expected results: The warning should not appear. The keypair should be usable for SSL connections. Additional info: If 2048-bit DSA is intentionally being disabled, it would be nice to see some documentation to that effect, with a well-sourced rationale.
Should we re-assign the issue to keytool? The fact that it generates DSA keys looks like a misfeature. DSA is intentionally disabled by default on F28 over all components. DSA is not used by new security protocols any more (doesn't exist as a negotiation option under TLS1.3), and was a very rarely used option under previous protocols (TLS1.2 or earlier). In fact only DSA-1024 is documented under these protocols. DSA-2048 may or may not work depending on the implementation (and even worse may not interoperate).
It's indeed the default (also in JDK 12): http://hg.openjdk.java.net/jdk/jdk/file/c4a39588a075/src/java.base/share/classes/sun/security/tools/keytool/Main.java#l1120 I've asked upstream why that is: http://mail.openjdk.java.net/pipermail/security-dev/2018-October/018455.html
Upstream has now gone down the route of issuing a warning when keytool is invoked without specifying an algorithm by default as being done in comment 0. Looking at [1] it appears the default algorithm setting is going to get removed in JDK 13 or JDK 14. [1] https://bugs.openjdk.java.net/browse/JDK-8214024
Thank you for the follow up.
This message is a reminder that Fedora 28 is nearing its end of life. On 2019-May-28 Fedora will stop maintaining and issuing updates for Fedora 28. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '28'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 28 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior this bug is closed as described in the policy above. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.
JDK 12, packaged via java-latest-openjdk in Fedora, now issues a warning about not using the -keyalg option: <mock-chroot> sh-5.0# java -version openjdk version "12.0.1" 2019-04-16 OpenJDK Runtime Environment 19.3 (build 12.0.1+12) OpenJDK 64-Bit Server VM 19.3 (build 12.0.1+12, mixed mode, sharing) <mock-chroot> sh-5.0# rpm -q java-latest-openjdk java-latest-openjdk-12.0.1.12-1.rolling.fc31.x86_64 <mock-chroot> sh-5.0# keytool -genkeypair -dname O=o -storepass stpass -keypass kypass -keystore test.jks Warning: Different store and key passwords not supported for PKCS12 KeyStores. Ignoring user-specified -keypass value. Generating 2,048 bit DSA key pair and self-signed certificate (SHA256withDSA) with a validity of 90 days for: O=o Warning: No -keyalg option. The default key algorithm (DSA) is a legacy algorithm and is no longer recommended. In a subsequent release of the JDK, the default will be removed and the -keyalg option must be specified. The generated certificate uses the SHA256withDSA signature algorithm which is considered a security risk. The generated certificate uses a 2048-bit DSA key which is considered a security risk. I'll keep this bug open until JDK-8214024 is fixed upstream. Probably JDK 14 or so.
This bug appears to have been reported against 'rawhide' during the Fedora 31 development cycle. Changing version to '31'.
This bug appears to have been reported against 'rawhide' during the Fedora 31 development cycle. Changing version to 31.
(In reply to Severin Gehwolf from comment #6) > I'll keep this bug open until JDK-8214024 is fixed upstream. Probably JDK 14 > or so. JDK-8214024 got fixed for JDK 14. Once this lands, we can close this bug. https://bugs.openjdk.java.net/browse/JDK-8214024
This bug appears to have been reported against 'rawhide' during the Fedora 32 development cycle. Changing version to 32.
This presumably can be closed for java-latest-openjdk now. We still need to do something with java-1.8.0-openjdk & java-11-openjdk though.