RFR: 8349849: PKCS11 SunTlsKeyMaterial crashes when used with TLS1.2 TlsKeyMaterialParameterSpec
Sean Mullan
mullan at openjdk.org
Thu Feb 13 18:45:16 UTC 2025
On Thu, 13 Feb 2025 18:32:41 GMT, Daniel Jeliński <djelinski at openjdk.org> wrote:
>> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11TlsKeyMaterialGenerator.java line 122:
>>
>>> 120: } else if (tlsVersion == 0x0301 || tlsVersion == 0x0302) {
>>> 121: mechanism = CKM_TLS_KEY_AND_MAC_DERIVE;
>>> 122: } else if (tlsVersion == 0x0303) {
>>
>> Should TLS 1.2 also use CKM_TLS12_KEY_AND_MAC_DERIVE?
>
> TLS 1.2 is version 3.3.
> The versions are:
> SSL 3.0 - 3.0
> TLS 1.0 - 3.1
> TLS 1.1 - 3.2
> TLS 1.2 - 3.3
Ah ok. So I assume TLS 1.3 is using a different code path or KDF.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/23583#discussion_r1955042992
More information about the security-dev
mailing list