<html>
  <head>
    <meta content="text/html; charset=windows-1252"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <p>What version of JDK 8u are you running with ? There's been a few
      tweaks in this code area which might help you. <br>
    </p>
    <p><a class="moz-txt-link-freetext" href="https://bugs.openjdk.java.net/browse/JDK-8149017">https://bugs.openjdk.java.net/browse/JDK-8149017</a><br>
      <a class="moz-txt-link-freetext" href="https://bugs.openjdk.java.net/browse/JDK-8158111">https://bugs.openjdk.java.net/browse/JDK-8158111</a></p>
    <p>If you can reproduce with 8u121, please log an issue via
      <a class="moz-txt-link-freetext" href="http://bugreport.java.com/">http://bugreport.java.com/</a> (or JBS if you have an account) - We
      need to be aware of such issues.<br>
    </p>
    <pre class="moz-signature" cols="72">Regards,
Sean.</pre>
    <div class="moz-cite-prefix">On 07/02/17 21:29, Gardiner Michael
      wrote:<br>
    </div>
    <blockquote
cite="mid:3FA6BAADF79CCC418D052819A0E408C726105703@A1GTOEMBXV009.gto.a3c.atos.net"
      type="cite">
      <meta http-equiv="Content-Type" content="text/html;
        charset=windows-1252">
      <meta name="Generator" content="Microsoft Word 15 (filtered
        medium)">
      <style><!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;
        mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:#0563C1;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:#954F72;
        text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
        {mso-style-priority:34;
        margin-top:0cm;
        margin-right:0cm;
        margin-bottom:0cm;
        margin-left:36.0pt;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;
        mso-fareast-language:EN-US;}
span.EmailStyle17
        {mso-style-type:personal-compose;
        font-family:"Calibri",sans-serif;
        color:windowtext;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-family:"Calibri",sans-serif;
        mso-fareast-language:EN-US;}
@page WordSection1
        {size:612.0pt 792.0pt;
        margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
        {page:WordSection1;}
/* List Definitions */
@list l0
        {mso-list-id:722212870;
        mso-list-type:hybrid;
        mso-list-template-ids:781085264 269025295 269025305 269025307 269025295 269025305 269025307 269025295 269025305 269025307;}
@list l0:level1
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l0:level2
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l0:level3
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        text-indent:-9.0pt;}
@list l0:level4
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l0:level5
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l0:level6
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        text-indent:-9.0pt;}
@list l0:level7
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l0:level8
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l0:level9
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        text-indent:-9.0pt;}
ol
        {margin-bottom:0cm;}
ul
        {margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
      <div class="WordSection1">
        <p class="MsoNormal">Hello Java Security Developers<o:p></o:p></p>
        <p class="MsoNormal"><o:p> </o:p></p>
        <p class="MsoNormal">We had a discussion a year and a bit ago
          about the TlsRsaPremasterSecretParameterSpec being used in a
          way that doesn’t seem to make sense.  I’ve attached the email
          from 2015, but the same question has arisen.  <o:p></o:p></p>
        <p class="MsoNormal"><o:p> </o:p></p>
        <p class="MsoNormal">It seems that the JSSE is expecting RSA
          Ciphers to be able to handle
          TlsRsaPremasterSecretParameterSpec.  Is the
          TlsRsaPremasterSecretParameterSpec class going to move out of
          the status of “@deprecated Sun JDK internal use only --- WILL
          BE REMOVED in a future release” towards something that will be
          expected of RSA cipher instances to interoperate with the
          JSSE? <o:p></o:p></p>
        <p class="MsoNormal"><o:p> </o:p></p>
        <p class="MsoNormal">This is a blocking issue currently with at
          least one large customer.  We could add some code in our
          provider to inspect if the parameter spec sent is of the
          offending type, but I’d really rather not have to handle a
          deprecated class that was never intended to be used outside of
          the Sun code base.  <o:p></o:p></p>
        <p class="MsoNormal"><o:p> </o:p></p>
        <p class="MsoNormal">My current advice to this customer is:<o:p></o:p></p>
        <p class="MsoListParagraph"
          style="text-indent:-18.0pt;mso-list:l0 level1 lfo1"><!--[if !supportLists]--><span
            style="mso-list:Ignore">1.<span style="font:7.0pt
              "Times New Roman"">       </span></span><!--[endif]-->Roll
          back to a previous version of Java that’s not affected by this
          behaviour change<o:p></o:p></p>
        <p class="MsoListParagraph"
          style="text-indent:-18.0pt;mso-list:l0 level1 lfo1"><!--[if !supportLists]--><span
            style="mso-list:Ignore">2.<span style="font:7.0pt
              "Times New Roman"">       </span></span><!--[endif]-->Ensure
          the use of PFS cipher suites so the RSA key is used only for
          identity and not key exchange<o:p></o:p></p>
        <p class="MsoNormal"><o:p> </o:p></p>
        <p class="MsoNormal">But both of those pieces of advice may not
          be practical in their situation. <o:p></o:p></p>
        <p class="MsoNormal"><o:p> </o:p></p>
        <p class="MsoNormal">Regards,<o:p></o:p></p>
        <p class="MsoNormal"><o:p> </o:p></p>
        <p class="MsoNormal">Mike Gardiner<o:p></o:p></p>
        <p class="MsoNormal">Systems Security Architect<o:p></o:p></p>
        <p class="MsoNormal">Gemalto<o:p></o:p></p>
      </div>
    </blockquote>
    <br>
  </body>
</html>