[8u] Request for enhancement backport approval for CR JDK-8029661 - Support TLS v1.2 algorithm in SunPKCS11 provider
Seán Coffey
sean.coffey at oracle.com
Tue Sep 25 16:56:05 UTC 2018
Thanks for logging this request Martin. Looking into this and hope to
reply shortly.
regards,
Sean.
On 25/09/2018 10:07, Martin Balao wrote:
> Hi,
>
> I'd like to request an enhancement backport approval for JDK-8029661 [1].
>
> Supporting TLS v1.2 algorithms in SunPKCS11 crypto provider would be highly
> beneficial for operating in a FIPS-140 environment. This is highly critical
> for both security and compliance reasons to many OpenJDK users; including
> corporations, public sector and other organizations. TLS 1.2 is currently
> the most wide-spread TLS version.
>
> Changes done as part of this enhancement are constrained to SunPKCS11
> crypto provider and do not affect SSL/TLS code. Risk involved is low mainly
> because of the following reasons: 1) this enhancement is an extension on
> top of currently supported mechanisms (no major refactorings were applied);
> and, 2) backport is straight forward because affected code has not suffered
> major changes since JDK 8 release.
>
> JDK-8029661 has been reviewed by Valerie Peng on security-dev list [2] and
> has been merged to JDK [3] base line. Regression testing on
> sun/security/pkcs11 category experienced no regressions because of this
> enhancement on both JDK base line and JDK 8.
>
> JDK 8 backport webrev:
>
> * http://cr.openjdk.java.net/~mbalao/webrevs/8029661/
> 8029661.webrev.10.jdk8u/
> * http://cr.openjdk.java.net/~mbalao/webrevs/8029661/
> 8029661.webrev.10.jdk8u.zip
>
> Please note that this backport includes JDK-8210912 fix [4].
>
> Thanks,
> Martin.-
>
> --
> [1] - https://bugs.openjdk.java.net/browse/JDK-8029661
> [2] - http://mail.openjdk.java.net/pipermail/security-dev/
> 2018-September/018278.html
> [3] - http://hg.openjdk.java.net/jdk/jdk/rev/bccd9966f1ed
> [4] - https://bugs.openjdk.java.net/browse/JDK-8210912
More information about the jdk8u-dev
mailing list