How to backports make it into openJDK?
John Gray
John.Gray at entrustdatacard.com
Fri Aug 21 20:12:12 UTC 2020
Hello,
I have a question on how the backport process works. Some of my colleagues at Entrust noted that JDK-8180834<https://bugs.openjdk.java.net/browse/JDK-8180834> was backported to the Oracle 7u191 b31 release (https://www.oracle.com/java/technologies/javase/7-support-relnotes.html#7u191-b31). Essentially it adds GCM Ciphersuite support into JDK 7. I was able to download 7u191 from Oracle’s support site and verified GCM cipher suites are working.
However, they want to make use of OpenJDK 7, but it appears OpenJDK 7u191 (and later versions) do not contain the backport.
We noticed a couple of things. The fix for JDK-8180834<https://bugs.openjdk.java.net/browse/JDK-8180834> says it is in “branch master” of openjdk 7 (CipherSuite.java<https://hg.openjdk.java.net/jdk7u/jdk7u/jdk/file/tip/src/share/classes/sun/security/ssl/CipherSuite.java#l1316>). If you check the line referenced in this link it says (Unsupported cipher suites from RFC 5289) [RFC5289<https://tools.ietf.org/html/rfc5289>]. This is the changeset<http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/def2e05299b7> that openjdk made to support GCM in JDK8, If you look at the changes in CipherSuite.java<http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/diff/def2e05299b7/src/share/classes/sun/security/ssl/CipherSuite.java> the unsupported GCM cipher suites are now implemented. In the comments of issue JDK-8180834<https://bugs.openjdk.java.net/browse/JDK-8180834> it says “Pushed changes to Master”, but what master? Is it a private master? The issue says it is resolved, but it is not closed. These things make us suspect that the changes are not in OpenJDK.
Do changes made in master not get automatically picked up by OpenJDK? Does the ‘b31’ imply a special side branch or is it a build number? What is the process for getting changes added to OpenJDK?
Thanks,
John Gray
Entrust Datacard
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20200821/b7bb195e/attachment.htm>
More information about the security-dev
mailing list