<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link="#0563C1" vlink="#954F72"><div class=WordSection1><p class=MsoNormal>Hello all,<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>This recently came up with a customer of ours and I wanted to get some answers from the horse’s mouth if I could. ;)<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>I work for SafeNet (Now Gemalto) and we provide a JCA/JCE provider to use our Luna brand of HSMs. We recommend using our provider rather than the PKCS11 wrapper/provider as we take advantage of custom extension functions and take care to avoid usage which is not allowed in our modules (EG: no private/secret key may transit the FIPS boundary in the clear) <o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>We don’t provide our own JSSE implementation and instead have historically relied on the Sun/IBM implementation to properly use the java provider list. There are always little gotchas that pop up but it’s generally resolved through configuration changes.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>The changes to RSAClientKeyExchange in regards to requiring the RSA Cipher to support TlsRsaPremasterSecretParameterSpec have thrown us for a bit of a loop though. Given that we support multiple JVMs I really don’t want to start handling parameter spec objects from the sun namespace. Especially when marked “@deprecated Sun JDK internal use only --- WILL BE REMOVED in a future release.” ;)<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Is there any chance this parameter spec would be moved to be more official? Or to go back to the old behaviour if the RSA Cipher instance doesn’t support it? (We throw an InvalidAlgorithmParameterException when given an unsupported parameter spec)<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Cheers,<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Mike<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p></div></body></html>
<br>
The information contained in this electronic mail transmission <br/>may be privileged and confidential, and therefore, protected <br/>from disclosure. If you have received this communication in <br/>error, please notify us immediately by replying to this <br/>message and deleting it from your computer without copying <br/>or disclosing it.<br/><br/>