JDK-6943352

SSL regression: RSAClientKeyExchange fails to pass securerandom arg to KeyGen

    • b123
    • x86
    • windows_xp
    • Verified

        FULL PRODUCT VERSION :
        java version "1.6.0_19"
        Java(TM) SE Runtime Environment (build 1.6.0_19-b04)
        Java HotSpot(TM) Client VM (build 16.2-b04, mixed mode, sharing)

        ADDITIONAL OS VERSION INFORMATION :
        applies to all OSes
        Microsoft Windows XP [Version 5.1.2600]

        A DESCRIPTION OF THE PROBLEM :
        The RSAClientKeyExchange constructor used with SSL initiation has a SecureRandom argument, but fails to pass this SecureRandom to the KeyGenerator.init() method. As a result, a different SecureRandom is created and used by the KeyGenerator. Using a different SecureRandom could have performance and security implications.

        This regression was introduced between Java 5 and Java 6.


        REPRODUCIBILITY :
        This bug can be reproduced always.

        Release Regression From : 5
        The above release value was the last known release where this
        bug was not reproducible. Since then there has been a regression.
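
The check below is an added example, not code from the JDK or from this report. It uses the public `KeyGenerator` API with AES as a stand-in for the TLS premaster-secret generator (an assumption), and a hypothetical `CountingRandom` helper, to observe whether a caller-supplied `SecureRandom` is actually consumed when it is, or is not, passed to `KeyGenerator.init()`.

```java
import java.security.SecureRandom;
import java.util.concurrent.atomic.AtomicInteger;
import javax.crypto.KeyGenerator;

public class KeyGenRandomCheck {

    /** SecureRandom that counts requests for bytes (hypothetical test helper). */
    static final class CountingRandom extends SecureRandom {
        final AtomicInteger calls = new AtomicInteger();

        @Override
        public void nextBytes(byte[] bytes) {
            calls.incrementAndGet();
            super.nextBytes(bytes);
        }
    }

    /** Shape of the reported bug: the caller's generator is accepted but never forwarded. */
    static byte[] generateIgnoringRandom(SecureRandom callerRandom) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES"); // AES is a stand-in algorithm
        kg.init(128);                                      // provider picks its own SecureRandom
        return kg.generateKey().getEncoded();
    }

    /** Corrected shape: the caller's generator is handed to KeyGenerator.init(). */
    static byte[] generateWithRandom(SecureRandom callerRandom) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128, callerRandom);
        return kg.generateKey().getEncoded();
    }

    public static void main(String[] args) throws Exception {
        CountingRandom ignored = new CountingRandom();
        generateIgnoringRandom(ignored);
        System.out.println("init(int): caller SecureRandom consumed = "
                + (ignored.calls.get() > 0));

        CountingRandom forwarded = new CountingRandom();
        generateWithRandom(forwarded);
        System.out.println("init(int, SecureRandom): caller SecureRandom consumed = "
                + (forwarded.calls.get() > 0));
    }
}
```

The same counting wrapper can be handed to any API that accepts a `SecureRandom`, to confirm in a regression test that the argument is honored.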

              weijun Weijun Wang
              ndcosta Nelson Dcosta (Inactive)