<html>
  <head>
    <meta content="text/html; charset=windows-1252"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <p>Thanks Jonathan. This is now tracked as
      <a class="moz-txt-link-freetext" href="https://bugs.openjdk.java.net/browse/JDK-8174690">https://bugs.openjdk.java.net/browse/JDK-8174690</a></p>
    <p>We hope to triage this bug and keep updates in the bug report
      (including proposed fix version goals). You can also contact
      Oracle support if necessary.</p>
    <p>regards,<br>
      Sean.<br>
    </p>
    <div class="moz-cite-prefix">On 09/02/2017 21:14, Patchell Jonathan
      wrote:<br>
    </div>
    <blockquote
cite="mid:3CA8E03060A50342A441CA3D5500644D26E564C5@A1GTOEMBXV009.gto.a3c.atos.net"
      type="cite">
      <meta http-equiv="Content-Type" content="text/html;
        charset=windows-1252">
      <meta name="Generator" content="Microsoft Word 15 (filtered
        medium)">
      <style><!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Consolas;
        panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;
        color:black;
        mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:#0563C1;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:#954F72;
        text-decoration:underline;}
p
        {mso-style-priority:99;
        mso-margin-top-alt:auto;
        margin-right:0cm;
        mso-margin-bottom-alt:auto;
        margin-left:0cm;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;
        color:black;
        mso-fareast-language:EN-US;}
pre
        {mso-style-priority:99;
        mso-style-link:"HTML Preformatted Char";
        margin:0cm;
        margin-bottom:.0001pt;
        font-size:10.0pt;
        font-family:"Courier New";
        color:black;
        mso-fareast-language:EN-US;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
        {mso-style-priority:34;
        margin-top:0cm;
        margin-right:0cm;
        margin-bottom:0cm;
        margin-left:36.0pt;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;
        color:black;
        mso-fareast-language:EN-US;}
span.HTMLPreformattedChar
        {mso-style-name:"HTML Preformatted Char";
        mso-style-priority:99;
        mso-style-link:"HTML Preformatted";
        font-family:Consolas;
        color:black;}
span.EmailStyle21
        {mso-style-type:personal;
        font-family:"Calibri",sans-serif;
        color:windowtext;}
span.EmailStyle22
        {mso-style-type:personal-reply;
        font-family:"Calibri",sans-serif;
        color:#1F497D;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page WordSection1
        {size:612.0pt 792.0pt;
        margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
        {page:WordSection1;}
/* List Definitions */
@list l0
        {mso-list-id:722212870;
        mso-list-type:hybrid;
        mso-list-template-ids:781085264 269025295 269025305 269025307 269025295 269025305 269025307 269025295 269025305 269025307;}
@list l0:level1
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l0:level2
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l0:level3
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        text-indent:-9.0pt;}
@list l0:level4
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l0:level5
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l0:level6
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        text-indent:-9.0pt;}
@list l0:level7
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l0:level8
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l0:level9
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        text-indent:-9.0pt;}
ol
        {margin-bottom:0cm;}
ul
        {margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
      <div class="WordSection1">
        <p class="MsoNormal"><span style="color:#1F497D">Hi Sean,<o:p></o:p></span></p>
        <p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
        <p class="MsoNormal"><span style="color:#1F497D">I am using
            8u121 and I have raised a bug at
            <a moz-do-not-send="true" href="http://bugreport.java.com/">http://bugreport.java.com/</a>. 
            I haven’t received any response but the internal review ID
            was: 9047607.<o:p></o:p></span></p>
        <p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
        <p class="MsoNormal"><span style="color:#1F497D">Regards,<o:p></o:p></span></p>
        <p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
        <p class="MsoNormal"><span style="color:#1F497D">Jonathan
            Patchell<o:p></o:p></span></p>
        <p class="MsoNormal"><span style="color:#1F497D">Senior Software
            Developer<o:p></o:p></span></p>
        <p class="MsoNormal"><span style="color:#1F497D">Gemalto<o:p></o:p></span></p>
        <p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
        <div>
          <div style="border:none;border-top:solid #E1E1E1
            1.0pt;padding:3.0pt 0cm 0cm 0cm">
            <p class="MsoNormal"><b><span
                  style="color:windowtext;mso-fareast-language:EN-CA"
                  lang="EN-US">From:</span></b><span
                style="color:windowtext;mso-fareast-language:EN-CA"
                lang="EN-US"> Seán Coffey
                [<a class="moz-txt-link-freetext" href="mailto:sean.coffey@oracle.com">mailto:sean.coffey@oracle.com</a>]
                <br>
                <b>Sent:</b> February-08-17 8:21 AM<br>
                <b>To:</b> Gardiner Michael
                <a class="moz-txt-link-rfc2396E" href="mailto:Michael.Gardiner@gemalto.com"><Michael.Gardiner@gemalto.com></a>; Patchell Jonathan
                <a class="moz-txt-link-rfc2396E" href="mailto:jonathan.patchell@gemalto.com"><jonathan.patchell@gemalto.com></a>;
                <a class="moz-txt-link-abbreviated" href="mailto:security-dev@openjdk.java.net">security-dev@openjdk.java.net</a><br>
                <b>Subject:</b> Re: TlsRsaPremasterSecretParameterSpec<o:p></o:p></span></p>
          </div>
        </div>
        <p class="MsoNormal"><o:p> </o:p></p>
        <p>What version of JDK 8u are you running with ? There's been a
          few tweaks in this code area which might help you.
          <span style="font-size:12.0pt;mso-fareast-language:EN-CA"><o:p></o:p></span></p>
        <p><a moz-do-not-send="true"
            href="https://bugs.openjdk.java.net/browse/JDK-8149017">https://bugs.openjdk.java.net/browse/JDK-8149017</a><br>
          <a moz-do-not-send="true"
            href="https://bugs.openjdk.java.net/browse/JDK-8158111">https://bugs.openjdk.java.net/browse/JDK-8158111</a><o:p></o:p></p>
        <p>If you can reproduce with 8u121, please log an issue via <a
            moz-do-not-send="true" href="http://bugreport.java.com/">
            http://bugreport.java.com/</a> (or JBS if you have an
          account) - We need to be aware of such issues.<o:p></o:p></p>
        <pre>Regards,<o:p></o:p></pre>
        <pre>Sean.<o:p></o:p></pre>
        <div>
          <p class="MsoNormal">On 07/02/17 21:29, Gardiner Michael
            wrote:<o:p></o:p></p>
        </div>
        <blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
          <p class="MsoNormal">Hello Java Security Developers<o:p></o:p></p>
          <p class="MsoNormal"> <o:p></o:p></p>
          <p class="MsoNormal">We had a discussion a year and a bit ago
            about the TlsRsaPremasterSecretParameterSpec being used in a
            way that doesn’t seem to make sense.  I’ve attached the
            email from 2015, but the same question has arisen. 
            <o:p></o:p></p>
          <p class="MsoNormal"> <o:p></o:p></p>
          <p class="MsoNormal">It seems that the JSSE is expecting RSA
            Ciphers to be able to handle
            TlsRsaPremasterSecretParameterSpec.  Is the
            TlsRsaPremasterSecretParameterSpec class going to move out
            of the status of “@deprecated Sun JDK internal use only ---
            WILL BE REMOVED in a future release” towards something that
            will be expected of RSA cipher instances to interoperate
            with the JSSE?
            <o:p></o:p></p>
          <p class="MsoNormal"> <o:p></o:p></p>
          <p class="MsoNormal">This is a blocking issue currently with
            at least one large customer.  We could add some code in our
            provider to inspect if the parameter spec sent is of the
            offending type, but I’d really rather not have to handle a
            deprecated class that was never intended to be used outside
            of the Sun code base.  <o:p></o:p></p>
          <p class="MsoNormal"> <o:p></o:p></p>
          <p class="MsoNormal">My current advice to this customer is:<o:p></o:p></p>
          <p class="MsoListParagraph"
            style="text-indent:-18.0pt;mso-list:l0 level1 lfo2"><!--[if !supportLists]--><span
              style="mso-list:Ignore">1.<span style="font:7.0pt
                "Times New Roman"">      
              </span></span><!--[endif]-->Roll back to a previous
            version of Java that’s not affected by this behaviour change<o:p></o:p></p>
          <p class="MsoListParagraph"
            style="text-indent:-18.0pt;mso-list:l0 level1 lfo2"><!--[if !supportLists]--><span
              style="mso-list:Ignore">2.<span style="font:7.0pt
                "Times New Roman"">      
              </span></span><!--[endif]-->Ensure the use of PFS cipher
            suites so the RSA key is used only for identity and not key
            exchange<o:p></o:p></p>
          <p class="MsoNormal"> <o:p></o:p></p>
          <p class="MsoNormal">But both of those pieces of advice may
            not be practical in their situation.
            <o:p></o:p></p>
          <p class="MsoNormal"> <o:p></o:p></p>
          <p class="MsoNormal">Regards,<o:p></o:p></p>
          <p class="MsoNormal"> <o:p></o:p></p>
          <p class="MsoNormal">Mike Gardiner<o:p></o:p></p>
          <p class="MsoNormal">Systems Security Architect<o:p></o:p></p>
          <p class="MsoNormal">Gemalto<o:p></o:p></p>
        </blockquote>
        <p class="MsoNormal"><span
            style="font-size:12.0pt;font-family:"Times New
            Roman",serif;mso-fareast-language:EN-CA"><o:p> </o:p></span></p>
      </div>
      <hr>
      <span style="font-style:italic;font-size:10.0pt;font-family:
"Arial","sans-serif";color:maroon;mso-ansi-language:EN-US"
        lang="EN-US">This message and any attachments are intended
        solely for the addressees and may contain confidential
        information. Any unauthorized use or disclosure, either whole or
        partial, is prohibited.<br>
        E-mails are susceptible to alteration. Our company shall not be
        liable for the message if altered, changed or falsified. If you
        are not the intended recipient of this message, please delete it
        and notify the sender.<br>
        Although all reasonable efforts have been made to keep this
        transmission free from viruses, the sender will not be liable
        for damages caused by a transmitted virus.</span>
    </blockquote>
    <br>
  </body>
</html>