[8u] Request for enhancement backport approval for CR JDK-8029661 - Support TLS v1.2 algorithm in SunPKCS11 provider

Martin Balao mbalao at redhat.com
Tue Sep 25 09:07:54 UTC 2018


Hi,

I'd like to request an enhancement backport approval for JDK-8029661 [1].

Supporting TLS v1.2 algorithms in SunPKCS11 crypto provider would be highly
beneficial for operating in a FIPS-140 environment. This is highly critical
for both security and compliance reasons to many OpenJDK users, including
corporations, public sector and other organizations. TLS 1.2 is currently
the most widespread TLS version.

Changes done as part of this enhancement are constrained to SunPKCS11
crypto provider and do not affect SSL/TLS code. Risk involved is low mainly
because of the following reasons: 1) this enhancement is an extension on
top of currently supported mechanisms (no major refactorings were applied);
and, 2) backport is straightforward because affected code has not suffered
major changes since JDK 8 release.

JDK-8029661 has been reviewed by Valerie Peng on security-dev list [2] and
has been merged to JDK [3] base line. Regression testing on
sun/security/pkcs11 category experienced no regressions because of this
enhancement on both JDK base line and JDK 8.

JDK 8 backport webrev:

 * http://cr.openjdk.java.net/~mbalao/webrevs/8029661/8029661.webrev.10.jdk8u/
 * http://cr.openjdk.java.net/~mbalao/webrevs/8029661/8029661.webrev.10.jdk8u.zip

Please note that this backport includes JDK-8210912 fix [4].

Thanks,
Martin.-

--
[1] - https://bugs.openjdk.java.net/browse/JDK-8029661
[2] - http://mail.openjdk.java.net/pipermail/security-dev/2018-September/018278.html
[3] - http://hg.openjdk.java.net/jdk/jdk/rev/bccd9966f1ed
[4] - https://bugs.openjdk.java.net/browse/JDK-8210912


More information about the jdk8u-dev mailing list