Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8029661

Support TLS v1.2 algorithm in SunPKCS11 provider

XMLWordPrintable

        See the comment in SunPKCS11.java. Need to consider whether we can support SunTls12Prf, SunTls12RsaPremasterSecret, etc. in SunPKCS11 in the future.

                /*
                 * TLS 1.2 uses a different hash algorithm than 1.0/1.1 for the
                 * PRF calculations. As of 2010, there is no PKCS11-level
                 * support for TLS 1.2 PRF calculations, and no known OS's have
                 * an internal variant we could use. Therefore for TLS 1.2, we
                 * are updating JSSE to request different provider algorithms
                 * (e.g. "SunTls12Prf"), and currently only SunJCE has these
                 * TLS 1.2 algorithms.
                 *
                 * If we reused the names such as "SunTlsPrf", the PKCS11
                 * providers would need be updated to fail correctly when
                 * presented with the wrong version number (via
                 * Provider.Service.supportsParameters()), and we would also
                 * need to add the appropriate supportsParamters() checks into
                 * KeyGenerators (not currently there).
                 *
                 * In the future, if PKCS11 support is added, we will restructure
                 * this.
                 */

              mbalao Martin Balao Alonso
              xuelei Xuelei Fan
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated:
                Resolved: