[8u] Request for enhancement backport approval for CR JDK-8029661 - Support TLS v1.2 algorithm in SunPKCS11 provider
Seán Coffey
sean.coffey at oracle.com
Tue Oct 23 07:07:47 UTC 2018
Martin,
this enhancement backport is approved for jdk8u-dev. Please follow up
with an 8u review request if necessary.
regards,
Sean.
On 15/10/2018 16:25, Seán Coffey wrote:
>
> Hope to have an answer within next few days Martin!
>
> Regards,
> Sean.
> On 15/10/18 16:15, Martin Balao wrote:
>> Hi Sean,
>>
>> Any updates on this?
>>
>> Kind regards,
>> Martin.-
>>
>> On Tue, Sep 25, 2018 at 6:56 PM, Seán Coffey <sean.coffey at oracle.com
>> <mailto:sean.coffey at oracle.com>> wrote:
>>
>> Thanks for logging this request Martin. Looking into this and
>> hope to reply shortly.
>>
>> regards,
>> Sean.
>>
>>
>>
>> On 25/09/2018 10:07, Martin Balao wrote:
>>
>> Hi,
>>
>> I'd like to request an enhancement backport approval for
>> JDK-8029661 [1].
>>
>> Supporting TLS v1.2 algorithms in SunPKCS11 crypto provider
>> would be highly
>> beneficial for operating in a FIPS-140 environment. This is
>> highly critical
>> for both security and compliance reasons to many OpenJDK
>> users; including
>> corporations, public sector and other organizations. TLS 1.2
>> is currently
>> the most wide-spread TLS version.
>>
>> Changes done as part of this enhancement are constrained to
>> SunPKCS11
>> crypto provider and do not affect SSL/TLS code. Risk involved
>> is low mainly
>> because of the following reasons: 1) this enhancement is an
>> extension on
>> top of currently supported mechanisms (no major refactorings
>> were applied);
>> and, 2) backport is straight forward because affected code
>> has not suffered
>> major changes since JDK 8 release.
>>
>> JDK-8029661 has been reviewed by Valerie Peng on security-dev
>> list [2] and
>> has been merged to JDK [3] base line. Regression testing on
>> sun/security/pkcs11 category experienced no regressions
>> because of this
>> enhancement on both JDK base line and JDK 8.
>>
>> JDK 8 backport webrev:
>>
>> * http://cr.openjdk.java.net/~mbalao/webrevs/8029661/
>> <http://cr.openjdk.java.net/%7Embalao/webrevs/8029661/>
>> 8029661.webrev.10.jdk8u/
>> * http://cr.openjdk.java.net/~mbalao/webrevs/8029661/
>> <http://cr.openjdk.java.net/%7Embalao/webrevs/8029661/>
>> 8029661.webrev.10.jdk8u.zip
>>
>> Please note that this backport includes JDK-8210912 fix [4].
>>
>> Thanks,
>> Martin.-
>>
>> --
>> [1] - https://bugs.openjdk.java.net/browse/JDK-8029661
>> <https://bugs.openjdk.java.net/browse/JDK-8029661>
>> [2] - http://mail.openjdk.java.net/pipermail/security-dev/
>> <http://mail.openjdk.java.net/pipermail/security-dev/>
>> 2018-September/018278.html
>> [3] - http://hg.openjdk.java.net/jdk/jdk/rev/bccd9966f1ed
>> <http://hg.openjdk.java.net/jdk/jdk/rev/bccd9966f1ed>
>> [4] - https://bugs.openjdk.java.net/browse/JDK-8210912
>> <https://bugs.openjdk.java.net/browse/JDK-8210912>
>>
>>
>>
>
More information about the jdk8u-dev
mailing list