RFR JDK-8029661: JDK-Support TLS v1.2 algorithm in SunPKCS11 provider
Martin Balao
mbalao at redhat.com
Fri Nov 10 14:38:36 UTC 2017
Hi,
I would like to propose a patch for JDK-8029661: JDK-Support TLS v1.2
algorithm in SunPKCS11 provider [1].
*
http://cr.openjdk.java.net/~akasko/mbalao/jdk_8029661_tls_12_sunpkcs11/2017_11_09/8029661.webrev.01/
(browse online)
*
http://cr.openjdk.java.net/~akasko/mbalao/jdk_8029661_tls_12_sunpkcs11/2017_11_09/8029661.webrev.01.zip
(download)
The following algorithms have been implemented in SunPKCS11 provider (based
on PKCS#11 v2.40 mechanisms):
* SunTls12RsaPremasterSecret
* SunTls12MasterSecret
* SunTls12KeyMaterial
* SunTls12Prf
A minor API change is proposed to expose TLS ProtocolVersion constants
(SSL30, TLS10, TLS11, etc.) from java.base to jdk.crypto.cryptoki module.
This allows to remove hardcoded TLS int constants in SunPKCS11 classes
(required when implementing "Tls"-like algorithms).
A test case is included with the following:
* TLS 1.2 communication using SunPKCS11 + NSS (in FIPS mode)
* Algorithms test against SunJCE
Regards,
Martin.-
--
[1] - https://bugs.openjdk.java.net/browse/JDK-8029661
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20171110/9a41c28b/attachment.htm>
More information about the security-dev
mailing list