RFR: JDK-8308398 Move SunEC crypto provider into java.base
Sean Mullan
sean.mullan at oracle.com
Mon Jun 19 14:54:22 UTC 2023
On 6/19/23 2:19 AM, Alan Bateman wrote:
> On Mon, 19 Jun 2023 05:46:34 GMT, Anthony Scarpino <ascarpino at openjdk.org> wrote:
>
>> From what I was told, the native library was one of the reasons it was not in the base pkg before modularization and just remained so afterwards.
>
> Maybe you are thinking about the size of libsunec or non-technical issues that meant it wasn't included by some distributions? There weren't an issue with deciding which providers to include to java.base. I think the motivation for having the SunEC provider in java.base now is probably TLS so there are more secure cipher suites available for those that create a small run-image with jlink and don't include all security providers.
Yes, I think the motivation is more that Elliptic Curve Cryptography is
a widely used form of crypto and should be in java.base. I haven't tried
this, but I think TLS 1.3 would simply not work if you just had
java.base in your runtime.
--Sean
More information about the security-dev
mailing list