Skip to content

JDK8u111/112 – MD5 is no longer considered secure

December 31, 2016

Oracle JRE will no longer trust MD5-signed code by default

Beginning with the April 2017 Critical Patch Update, JAR files signed using MD5 (RSA algorithm) will no longer be considered as signed by the Oracle JRE.

Oracle Java SE 8u131 which will be released with the April 2017 Critical Patch Update.

jdk_8u_111_112_warning

Affected applications: Java applets, or Java Web Start applications.

To check your app/jar file:

jarsigner -verify -J-Djava.security.debug=jar mySynopticApp.jar

To remove any existing MD5 signatures first before re-signing using the zip utility as follows:
zip -d mySynopticApp.jar 'META-INF/*.SF' 'META-INF/*.RSA' 'META-INF/*.DSA'

 

Advertisements

From → java, oracle

Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: