[8u] Request for enhancement backport approval for CR JDK-8029661 - Support TLS v1.2 algorithm in SunPKCS11 provider

Seán Coffey sean.coffey at oracle.com
Mon Oct 15 15:25:21 UTC 2018 

Hope to have an answer within next few days Martin!

Regards,
Sean.

On 15/10/18 16:15, Martin Balao wrote:
> Hi Sean,
>
> Any updates on this?
>
> Kind regards,
> Martin.-
>
> On Tue, Sep 25, 2018 at 6:56 PM, Seán Coffey <sean.coffey at oracle.com 
> <mailto:sean.coffey at oracle.com>> wrote:
>
>     Thanks for logging this request Martin. Looking into this and hope
>     to reply shortly.
>
>     regards,
>     Sean.
>
>
>
>     On 25/09/2018 10:07, Martin Balao wrote:
>
>         Hi,
>
>         I'd like to request an enhancement backport approval for
>         JDK-8029661 [1].
>
>         Supporting TLS v1.2 algorithms in SunPKCS11 crypto provider
>         would be highly
>         beneficial for operating in a FIPS-140 environment. This is
>         highly critical
>         for both security and compliance reasons to many OpenJDK
>         users; including
>         corporations, public sector and other organizations. TLS 1.2
>         is currently
>         the most wide-spread TLS version.
>
>         Changes done as part of this enhancement are constrained to
>         SunPKCS11
>         crypto provider and do not affect SSL/TLS code. Risk involved
>         is low mainly
>         because of the following reasons: 1) this enhancement is an
>         extension on
>         top of currently supported mechanisms (no major refactorings
>         were applied);
>         and, 2) backport is straight forward because affected code has
>         not suffered
>         major changes since JDK 8 release.
>
>         JDK-8029661 has been reviewed by Valerie Peng on security-dev
>         list [2] and
>         has been merged to JDK [3] base line. Regression testing on
>         sun/security/pkcs11 category experienced no regressions
>         because of this
>         enhancement on both JDK base line and JDK 8.
>
>         JDK 8 backport webrev:
>
>           * http://cr.openjdk.java.net/~mbalao/webrevs/8029661/
>         <http://cr.openjdk.java.net/%7Embalao/webrevs/8029661/>
>         8029661.webrev.10.jdk8u/
>           * http://cr.openjdk.java.net/~mbalao/webrevs/8029661/
>         <http://cr.openjdk.java.net/%7Embalao/webrevs/8029661/>
>         8029661.webrev.10.jdk8u.zip
>
>         Please note that this backport includes JDK-8210912 fix [4].
>
>         Thanks,
>         Martin.-
>
>         --
>         [1] - https://bugs.openjdk.java.net/browse/JDK-8029661
>         <https://bugs.openjdk.java.net/browse/JDK-8029661>
>         [2] - http://mail.openjdk.java.net/pipermail/security-dev/
>         <http://mail.openjdk.java.net/pipermail/security-dev/>
>         2018-September/018278.html
>         [3] - http://hg.openjdk.java.net/jdk/jdk/rev/bccd9966f1ed
>         <http://hg.openjdk.java.net/jdk/jdk/rev/bccd9966f1ed>
>         [4] - https://bugs.openjdk.java.net/browse/JDK-8210912
>         <https://bugs.openjdk.java.net/browse/JDK-8210912>
>
>
>

More information about the jdk8u-dev mailing list