Symantec Certificate Support

Symantec Certificate Support

David Dillard

Hi,

Just saw an Oracle blog post that says:

Oracle's JDK will stop trusting TLS certificates issued by Symantec, in line with similar plans recently announced by Google, Mozilla, Apple, and Microsoft. The list of affected certificates includes certificates branded as GeoTrust, Thawte, and VeriSign, which were managed by Symantec.

Starting with the critical patch releases planned for April 16, 2019, all supported JDK versions -that is 12, 11, 8 and 7- will begin distrusting new TLS Server certificates issued through the affected trust anchors (roots).

TLS Server certificates issued before April 16, 2019 will continue to be trusted until they expire. Certificates issued after that date will be rejected.

https://blogs.oracle.com/java-platform-group/jdk-distrusting-symantec-tls-certificates

Will the changes needed for this affect the certs accepted by the BouncyCastle provider? If not, are there any changes planned to BouncyCastle to stop accepting Symantec certs?

Thanks,

David

Re: Symantec Certificate Support

David Hook-3

We don't specifically block certificates - it's really up to the users of the APIs to decide what they accept or not.

The one thing we needed to change with this is our timestamping server, as we were previously using a Symantec one; we've moved to a DigiCert one. The new timestamps should start appearing on the 1.61 release jars.

Regards,

David

On 8/12/18 5:56 am, David Dillard wrote:

Hi,

Just saw an Oracle blog post that says:

Oracle's JDK will stop trusting TLS certificates issued by Symantec, in line with similar plans recently announced by Google, Mozilla, Apple, and Microsoft. The list of affected certificates includes certificates branded as GeoTrust, Thawte, and VeriSign, which were managed by Symantec.

Starting with the critical patch releases planned for April 16, 2019, all supported JDK versions -that is 12, 11, 8 and 7- will begin distrusting new TLS Server certificates issued through the affected trust anchors (roots).

TLS Server certificates issued before April 16, 2019 will continue to be trusted until they expire. Certificates issued after that date will be rejected.

https://blogs.oracle.com/java-platform-group/jdk-distrusting-symantec-tls-certificates

Will the changes needed for this affect the certs accepted by the BouncyCastle provider? If not, are there any changes planned to BouncyCastle to stop accepting Symantec certs?

Thanks,

David
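
The reply above leaves the acceptance decision to the application. As an added example (not code from Bouncy Castle, Oracle, or either poster), this is one way an application could apply a date-based distrust rule like the one in the quoted Oracle post on top of standard PKIX validation. The class name, the caller-supplied fingerprint set, the midnight-UTC cutoff and the use of `notBefore` as the issuance date are assumptions.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.cert.*;
import java.time.Instant;
import java.util.Set;

// Added example: an application-side distrust rule applied after normal PKIX validation.
public final class DistrustedAnchorPolicy {
    // Cutoff date taken from the quoted Oracle post; midnight UTC is an assumption.
    public static final Instant CUTOFF = Instant.parse("2019-04-16T00:00:00Z");

    // Assumption: lowercase hex SHA-256 fingerprints of the roots the application
    // distrusts, supplied by the caller (none are listed in this thread).
    private final Set<String> distrustedRoots;

    public DistrustedAnchorPolicy(Set<String> distrustedRoots) {
        this.distrustedRoots = Set.copyOf(distrustedRoots);
    }

    // Validates the path, then rejects it if it ends at a distrusted root and the
    // end-entity certificate's notBefore is after the cutoff.
    public PKIXCertPathValidatorResult validate(CertPath path, PKIXParameters params)
            throws GeneralSecurityException {
        // getInstance("PKIX", "BC") selects the Bouncy Castle provider if it is registered.
        CertPathValidator validator = CertPathValidator.getInstance("PKIX");
        PKIXCertPathValidatorResult result =
                (PKIXCertPathValidatorResult) validator.validate(path, params);
        X509Certificate root = result.getTrustAnchor().getTrustedCert();
        if (root == null) { // anchor given as name + key only: fail closed, cannot fingerprint
            throw new CertPathValidatorException("Trust anchor has no certificate to check");
        }
        if (path.getCertificates().isEmpty()) return result; // no end-entity cert to date-check
        X509Certificate leaf = (X509Certificate) path.getCertificates().get(0);
        boolean issuedAfterCutoff = leaf.getNotBefore().toInstant().isAfter(CUTOFF);
        if (issuedAfterCutoff && distrustedRoots.contains(fingerprint(root))) {
            throw new CertPathValidatorException(
                    "Certificate issued after " + CUTOFF + " chains to a distrusted root");
        }
        return result;
    }

    static String fingerprint(X509Certificate cert) throws GeneralSecurityException {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder hex = new StringBuilder();
        for (byte b : digest) hex.append(String.format("%02x", b));
        return hex.toString();
    }
}
```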