<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Thanks Jonathan. This is now tracked as
<a class="moz-txt-link-freetext" href="https://bugs.openjdk.java.net/browse/JDK-8174690">https://bugs.openjdk.java.net/browse/JDK-8174690</a></p>
<p>We hope to triage this bug and keep updates in the bug report
(including proposed fix version goals). You can also contact
Oracle support if necessary.</p>
<p>regards,<br>
Sean.<br>
</p>
<div class="moz-cite-prefix">On 09/02/2017 21:14, Patchell Jonathan
wrote:<br>
</div>
<blockquote
cite="mid:3CA8E03060A50342A441CA3D5500644D26E564C5@A1GTOEMBXV009.gto.a3c.atos.net"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:black;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:black;
mso-fareast-language:EN-US;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;
mso-fareast-language:EN-US;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:36.0pt;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:black;
mso-fareast-language:EN-US;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
color:black;}
span.EmailStyle21
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle22
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:722212870;
mso-list-type:hybrid;
mso-list-template-ids:781085264 269025295 269025305 269025307 269025295 269025305 269025307 269025295 269025305 269025307;}
@list l0:level1
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level3
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level5
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level6
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D">Hi Sean,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">I am using
8u121 and I have raised a bug at
<a moz-do-not-send="true" href="http://bugreport.java.com/">http://bugreport.java.com/</a>.
I haven’t received any response but the internal review ID
was: 9047607.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Jonathan
Patchell<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Senior Software
Developer<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Gemalto<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="color:windowtext;mso-fareast-language:EN-CA"
lang="EN-US">From:</span></b><span
style="color:windowtext;mso-fareast-language:EN-CA"
lang="EN-US"> Seán Coffey
[<a class="moz-txt-link-freetext" href="mailto:sean.coffey@oracle.com">mailto:sean.coffey@oracle.com</a>]
<br>
<b>Sent:</b> February-08-17 8:21 AM<br>
<b>To:</b> Gardiner Michael
<a class="moz-txt-link-rfc2396E" href="mailto:Michael.Gardiner@gemalto.com"><Michael.Gardiner@gemalto.com></a>; Patchell Jonathan
<a class="moz-txt-link-rfc2396E" href="mailto:jonathan.patchell@gemalto.com"><jonathan.patchell@gemalto.com></a>;
<a class="moz-txt-link-abbreviated" href="mailto:security-dev@openjdk.java.net">security-dev@openjdk.java.net</a><br>
<b>Subject:</b> Re: TlsRsaPremasterSecretParameterSpec<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p>What version of JDK 8u are you running with ? There's been a
few tweaks in this code area which might help you.
<span style="font-size:12.0pt;mso-fareast-language:EN-CA"><o:p></o:p></span></p>
<p><a moz-do-not-send="true"
href="https://bugs.openjdk.java.net/browse/JDK-8149017">https://bugs.openjdk.java.net/browse/JDK-8149017</a><br>
<a moz-do-not-send="true"
href="https://bugs.openjdk.java.net/browse/JDK-8158111">https://bugs.openjdk.java.net/browse/JDK-8158111</a><o:p></o:p></p>
<p>If you can reproduce with 8u121, please log an issue via <a
moz-do-not-send="true" href="http://bugreport.java.com/">
http://bugreport.java.com/</a> (or JBS if you have an
account) - We need to be aware of such issues.<o:p></o:p></p>
<pre>Regards,<o:p></o:p></pre>
<pre>Sean.<o:p></o:p></pre>
<div>
<p class="MsoNormal">On 07/02/17 21:29, Gardiner Michael
wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">Hello Java Security Developers<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">We had a discussion a year and a bit ago
about the TlsRsaPremasterSecretParameterSpec being used in a
way that doesn’t seem to make sense. I’ve attached the
email from 2015, but the same question has arisen.
<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">It seems that the JSSE is expecting RSA
Ciphers to be able to handle
TlsRsaPremasterSecretParameterSpec. Is the
TlsRsaPremasterSecretParameterSpec class going to move out
of the status of “@deprecated Sun JDK internal use only ---
WILL BE REMOVED in a future release” towards something that
will be expected of RSA cipher instances to interoperate
with the JSSE?
<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">This is a blocking issue currently with
at least one large customer. We could add some code in our
provider to inspect if the parameter spec sent is of the
offending type, but I’d really rather not have to handle a
deprecated class that was never intended to be used outside
of the Sun code base. <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">My current advice to this customer is:<o:p></o:p></p>
<p class="MsoListParagraph"
style="text-indent:-18.0pt;mso-list:l0 level1 lfo2"><!--[if !supportLists]--><span
style="mso-list:Ignore">1.<span style="font:7.0pt
"Times New Roman"">
</span></span><!--[endif]-->Roll back to a previous
version of Java that’s not affected by this behaviour change<o:p></o:p></p>
<p class="MsoListParagraph"
style="text-indent:-18.0pt;mso-list:l0 level1 lfo2"><!--[if !supportLists]--><span
style="mso-list:Ignore">2.<span style="font:7.0pt
"Times New Roman"">
</span></span><!--[endif]-->Ensure the use of PFS cipher
suites so the RSA key is used only for identity and not key
exchange<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">But both of those pieces of advice may
not be practical in their situation.
<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Regards,<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Mike Gardiner<o:p></o:p></p>
<p class="MsoNormal">Systems Security Architect<o:p></o:p></p>
<p class="MsoNormal">Gemalto<o:p></o:p></p>
</blockquote>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Times New
Roman",serif;mso-fareast-language:EN-CA"><o:p> </o:p></span></p>
</div>
<hr>
<span style="font-style:italic;font-size:10.0pt;font-family:
"Arial","sans-serif";color:maroon;mso-ansi-language:EN-US"
lang="EN-US">This message and any attachments are intended
solely for the addressees and may contain confidential
information. Any unauthorized use or disclosure, either whole or
partial, is prohibited.<br>
E-mails are susceptible to alteration. Our company shall not be
liable for the message if altered, changed or falsified. If you
are not the intended recipient of this message, please delete it
and notify the sender.<br>
Although all reasonable efforts have been made to keep this
transmission free from viruses, the sender will not be liable
for damages caused by a transmitted virus.</span>
</blockquote>
<br>
</body>
</html>