[8u] Request for enhancement backport approval for CR JDK-8029661 - Support TLS v1.2 algorithm in SunPKCS11 provider

Martin Balao mbalao at redhat.com
Mon Oct 15 15:15:11 UTC 2018


Hi Sean,

Any updates on this?

Kind regards,
Martin.-

On Tue, Sep 25, 2018 at 6:56 PM, Seán Coffey <sean.coffey at oracle.com> wrote:

> Thanks for logging this request Martin. Looking into this and hope to
> reply shortly.
>
> regards,
> Sean.
>
>
>
> On 25/09/2018 10:07, Martin Balao wrote:
>
>> Hi,
>>
>> I'd like to request an enhancement backport approval for JDK-8029661 [1].
>>
>> Supporting TLS v1.2 algorithms in SunPKCS11 crypto provider would be highly
>> beneficial for operating in a FIPS-140 environment. This is highly critical
>> for both security and compliance reasons to many OpenJDK users, including
>> corporations, public sector and other organizations. TLS 1.2 is currently
>> the most widespread TLS version.
>>
>> Changes done as part of this enhancement are constrained to SunPKCS11
>> crypto provider and do not affect SSL/TLS code. Risk involved is low mainly
>> because of the following reasons: 1) this enhancement is an extension on
>> top of currently supported mechanisms (no major refactorings were applied);
>> and, 2) backport is straightforward because affected code has not suffered
>> major changes since JDK 8 release.
>>
>> JDK-8029661 has been reviewed by Valerie Peng on security-dev list [2] and
>> has been merged to JDK [3] base line. Regression testing on
>> sun/security/pkcs11 category experienced no regressions because of this
>> enhancement on both JDK base line and JDK 8.
>>
>> JDK 8 backport webrev:
>>
>>   * http://cr.openjdk.java.net/~mbalao/webrevs/8029661/8029661.webrev.10.jdk8u/
>>   * http://cr.openjdk.java.net/~mbalao/webrevs/8029661/8029661.webrev.10.jdk8u.zip
>>
>> Please note that this backport includes JDK-8210912 fix [4].
>>
>> Thanks,
>> Martin.-
>>
>> --
>> [1] - https://bugs.openjdk.java.net/browse/JDK-8029661
>> [2] - http://mail.openjdk.java.net/pipermail/security-dev/2018-September/018278.html
>> [3] - http://hg.openjdk.java.net/jdk/jdk/rev/bccd9966f1ed
>> [4] - https://bugs.openjdk.java.net/browse/JDK-8210912
>>
>
>

