[11u] RFR: 8171279: Support X25519 and X448 in TLS
Martin Balao
mbalao at redhat.com
Tue Nov 17 20:05:36 UTC 2020
Hi,
Apologize for being so late on this one -was on CPU and leave after
that-. I know this has been committed already, but I have some concerns
about the decisions taken.
> file src/java.base/share/classes/sun/security/ssl/DHKeyExchange.java
> Deleting class DHEKAKeyDerivation failed because the code in 11 uses JsseJce.getKeyAgreement()
> where the patch uses KeyAgreement.getInstance().
Yes, because SunJSSE may be initialized with a specific crypto provider
for 'FIPS mode' in 11 (note that KeyAgreement.getInstance may choose any
enabled security provider in order of preference). This feature was
later removed.
>
> As I understand 8217835, the experimental FIPS feature cannot be used in
> 11, it just remained in the code. So I skipped adapting NamedGroups to the
> old behaviour, I can not test it anyways.
> What do you think, do we need to add this code to NamedGroupd.java again?
>
The conclusion in 8217835 that SunJSSE FIPS mode cannot be used in JDK9+
was never accurate and, today, not true. In particular, the provider
load ignored the extra parameter (from java.security configuration line)
because there was a bug that was fixed later [1].
In my opinion, we should not remove SunJSSE FIPS mode in 11u. This would
be removing an API from a stable release. Our users and us rely on that.
My suggestion would be to make the necessary changes so the crypto
provider used by SunJSSE remain to be the one obtained from JsseJce,
even for the key derivation schemes here.
Thoughts?
Martin.-
--
[1] - https://bugs.openjdk.java.net/browse/JDK-8230923
More information about the jdk-updates-dev
mailing list