[11u] RFR: 8171279: Support X25519 and X448 in TLS
Lindenmaier, Goetz
goetz.lindenmaier at sap.com
Mon Nov 30 10:06:26 UTC 2020
Hi
I have been looking at your test, but it is not yet working
on my machine. It skips the test after initializing.
Before backing out, we should consider whether
not having the new EC curves introduced by 8171279
in 11.0.10 is acceptable. This is an extension that is
documented as CSR and might be expected by people.
It is in 11.0.10-oracle, too.
To me, it seems more relevant than the FIPS feature broken,
which never has been an official feature as I understand,
and of which it has been communicated (inofficially) that it
does not work any more since 9.
Nevertheless we should fix it if broken, maybe in 11.0.11.
Best regards,
Goetz.
> -----Original Message-----
> From: Andrew Haley <aph at redhat.com>
> Sent: Monday, November 30, 2020 10:19 AM
> To: Martin Balao <mbalao at redhat.com>; jdk-updates-
> dev at openjdk.java.net; Lindenmaier, Goetz <goetz.lindenmaier at sap.com>
> Cc: Severin Gehwolf <sgehwolf at redhat.com>
> Subject: Re: [11u] RFR: 8171279: Support X25519 and X448 in TLS
>
> On 11/29/20 3:21 AM, Martin Balao wrote:
> > On Thu, Nov 26, 2020 at 6:25 PM Martin Balao <mbalao at redhat.com>
> wrote:
> >> On 11/26/20 7:18 AM, Andrew Haley wrote:
> >>>
> >>> Have you got a test case for this?
> >>>
> >>
> >> Testing is not trivial but I'm working on something.
> >
> > Ok, here you have a reproducer that shows the problem I described
> > earlier:
> http://people.redhat.com/mbalaoal/openjdk/workspace/sunjsse_experimen
> tal_fips_support_and_dh_jdk11u/test_experimental_fips_with_dh.jdk11u.v0.
> patch
>
> Thanks. Do you think there's enough time to fix the problems with 8171279,
> or should
> we just back it out now?
>
> --
> Andrew Haley (he/him)
> Java Platform Lead Engineer
> Red Hat UK Ltd. <https://www.redhat.com>
> https://keybase.io/andrewhaley
> EAC8 43EB D3EF DB98 CC77 2FAD A5CD 6035 332F A671
More information about the jdk-updates-dev
mailing list