[8u] Request for enhancement backport approval for CR JDK-8029661 - Support TLS v1.2 algorithm in SunPKCS11 provider

Martin Balao mbalao at redhat.com
Tue Oct 23 12:18:29 UTC 2018


Hi Valerie,

This backport was trivial, only a few changes required:

 * Paths
 * JDK-8210912 fix included [1]
 * Minor adjustments when checking TLS version in P11TlsKeyMaterialGenerator,
   P11TlsMasterSecretGenerator and P11TlsRsaPremasterSecretGenerator

Thanks,
Martin.-

--
[1] - https://bugs.openjdk.java.net/browse/JDK-8210912

On Mon, Oct 22, 2018 at 7:17 PM, Valerie Peng <valerie.peng at oracle.com>
wrote:

> Martin,
>
> Sean asked me to help review this backport. Are the changes for 8u
> identical to those for JDK 12 (minus the path differences)? Are there any
> 8u-specific modifications?
>
> Thanks,
>
> Valerie
>
>
>
> On 10/15/2018 8:15 AM, Martin Balao wrote:
>
>> Hi Sean,
>>
>> Any updates on this?
>>
>> Kind regards,
>> Martin.-
>>
>> On Tue, Sep 25, 2018 at 6:56 PM, Seán Coffey <sean.coffey at oracle.com>
>> wrote:
>>
>>> Thanks for logging this request Martin. Looking into this and hope to
>>> reply shortly.
>>>
>>> regards,
>>> Sean.
>>>
>>>
>>>
>>> On 25/09/2018 10:07, Martin Balao wrote:
>>>
>>>> Hi,
>>>>
>>>> I'd like to request an enhancement backport approval for JDK-8029661 [1].
>>>>
>>>> Supporting TLS v1.2 algorithms in SunPKCS11 crypto provider would be
>>>> highly beneficial for operating in a FIPS-140 environment. This is highly
>>>> critical for both security and compliance reasons to many OpenJDK users,
>>>> including corporations, public sector and other organizations. TLS 1.2 is
>>>> currently the most widespread TLS version.
>>>>
>>>> Changes done as part of this enhancement are constrained to SunPKCS11
>>>> crypto provider and do not affect SSL/TLS code. Risk involved is low
>>>> mainly because of the following reasons: 1) this enhancement is an
>>>> extension on top of currently supported mechanisms (no major refactorings
>>>> were applied); and, 2) backport is straightforward because affected code
>>>> has not suffered major changes since JDK 8 release.
>>>>
>>>> JDK-8029661 has been reviewed by Valerie Peng on security-dev list [2]
>>>> and has been merged to JDK [3] base line. Regression testing on
>>>> sun/security/pkcs11 category experienced no regressions because of this
>>>> enhancement on both JDK base line and JDK 8.
>>>>
>>>> JDK 8 backport webrev:
>>>>
>>>>    * http://cr.openjdk.java.net/~mbalao/webrevs/8029661/8029661.webrev.10.jdk8u/
>>>>    * http://cr.openjdk.java.net/~mbalao/webrevs/8029661/8029661.webrev.10.jdk8u.zip
>>>>
>>>> Please note that this backport includes JDK-8210912 fix [4].
>>>>
>>>> Thanks,
>>>> Martin.-
>>>>
>>>> --
>>>> [1] - https://bugs.openjdk.java.net/browse/JDK-8029661
>>>> [2] - http://mail.openjdk.java.net/pipermail/security-dev/2018-September/018278.html
>>>> [3] - http://hg.openjdk.java.net/jdk/jdk/rev/bccd9966f1ed
>>>> [4] - https://bugs.openjdk.java.net/browse/JDK-8210912
>>>>
>>>>
>>>
>

