How to backports make it into openJDK?

Prasadrao Koppula prasadarao.koppula at
Mon Aug 24 11:55:38 UTC 2020



HYPERLINK ""JDK-8180834: Backported to Oracle JDK, 7u191. 

OpenJDK 7u maintainers are best to answer backport process and OpenJDK 7u porting discussions are best discussed on HYPERLINK "mailto:jdk7u-dev at"jdk7u-dev at





From: John Gray [mailto:John.Gray at] 
Sent: Saturday, August 22, 2020 1:42 AM
To: OpenJDK Dev list <security-dev at>
Cc: Jonatan Guillén <Jonatan.Guillen at>; Carlos Ares <Carlos.Ares at>
Subject: How to backports make it into openJDK?




I have a question on how the backport process works.   Some of my colleagues at Entrust noted that HYPERLINK ""JDK-8180834 was backported to the Oracle 7u191 b31 release (  Essentially it adds GCM Ciphersuite support into JDK 7.   I was able to download 7u191 from Oracle’s support site and verified GCM cipher suites are working.


However, they want to make use of OpenJDK 7, but it appears OpenJDK 7u191 (and later versions) do not contain the backport.  


We noticed a couple of things.   The fix for HYPERLINK ""JDK-8180834  says it is in “branch master” of openjdk 7 (HYPERLINK ""  If you check the line referenced in this link it says (Unsupported cipher suites from RFC 5289) [HYPERLINK ""RFC5289].   This is the HYPERLINK ""changeset that openjdk made to support GCM in JDK8, If you look at the changes in HYPERLINK "" the unsupported GCM cipher suites are now implemented.  In the comments of issue HYPERLINK ""JDK-8180834 it says “Pushed changes to Master”, but what master? Is it a private master?  The issue says it is resolved, but it is not closed.    These things make us suspect that the changes are not in OpenJDK.    


Do changes made in master not get automatically picked up by OpenJDK?   Does the ‘b31’ imply a special side branch or is it a build number?  What is the process for getting changes added to OpenJDK?




John Gray

Entrust Datacard




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the security-dev mailing list