[8u] Request for enhancement backport approval for CR JDK-8029661 - Support TLS v1.2 algorithm in SunPKCS11 provider
Valerie Peng
valerie.peng at oracle.com
Mon Oct 22 22:17:40 UTC 2018
Martin,
Sean asked me to help review this backport. Are the changes for 8u
identical to those for JDK 12 (minus the path differences)? Is there any
8u specific modifications?
Thanks,
Valerie
On 10/15/2018 8:15 AM, Martin Balao wrote:
> Hi Sean,
>
> Any updates on this?
>
> Kind regards,
> Martin.-
>
> On Tue, Sep 25, 2018 at 6:56 PM, Seán Coffey <sean.coffey at oracle.com> wrote:
>
>> Thanks for logging this request Martin. Looking into this and hope to
>> reply shortly.
>>
>> regards,
>> Sean.
>>
>>
>>
>> On 25/09/2018 10:07, Martin Balao wrote:
>>
>>> Hi,
>>>
>>> I'd like to request an enhancement backport approval for JDK-8029661 [1].
>>>
>>> Supporting TLS v1.2 algorithms in SunPKCS11 crypto provider would be
>>> highly
>>> beneficial for operating in a FIPS-140 environment. This is highly
>>> critical
>>> for both security and compliance reasons to many OpenJDK users; including
>>> corporations, public sector and other organizations. TLS 1.2 is currently
>>> the most wide-spread TLS version.
>>>
>>> Changes done as part of this enhancement are constrained to SunPKCS11
>>> crypto provider and do not affect SSL/TLS code. Risk involved is low
>>> mainly
>>> because of the following reasons: 1) this enhancement is an extension on
>>> top of currently supported mechanisms (no major refactorings were
>>> applied);
>>> and, 2) backport is straight forward because affected code has not
>>> suffered
>>> major changes since JDK 8 release.
>>>
>>> JDK-8029661 has been reviewed by Valerie Peng on security-dev list [2] and
>>> has been merged to JDK [3] base line. Regression testing on
>>> sun/security/pkcs11 category experienced no regressions because of this
>>> enhancement on both JDK base line and JDK 8.
>>>
>>> JDK 8 backport webrev:
>>>
>>> * http://cr.openjdk.java.net/~mbalao/webrevs/8029661/
>>> 8029661.webrev.10.jdk8u/
>>> * http://cr.openjdk.java.net/~mbalao/webrevs/8029661/
>>> 8029661.webrev.10.jdk8u.zip
>>>
>>> Please note that this backport includes JDK-8210912 fix [4].
>>>
>>> Thanks,
>>> Martin.-
>>>
>>> --
>>> [1] - https://bugs.openjdk.java.net/browse/JDK-8029661
>>> [2] - http://mail.openjdk.java.net/pipermail/security-dev/
>>> 2018-September/018278.html
>>> [3] - http://hg.openjdk.java.net/jdk/jdk/rev/bccd9966f1ed
>>> [4] - https://bugs.openjdk.java.net/browse/JDK-8210912
>>>
>>
More information about the jdk8u-dev
mailing list