Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8029661

Support TLS v1.2 algorithm in SunPKCS11 provider

    XMLWordPrintable

Details

    Backports

      Description

        See the comment in SunPKCS11.java. Need to consider whether we can support SunTls12Prf, SunTls12RsaPremasterSecret, etc. in SunPKCS11 in the future.

                /*
                 * TLS 1.2 uses a different hash algorithm than 1.0/1.1 for the
                 * PRF calculations. As of 2010, there is no PKCS11-level
                 * support for TLS 1.2 PRF calculations, and no known OS's have
                 * an internal variant we could use. Therefore for TLS 1.2, we
                 * are updating JSSE to request different provider algorithms
                 * (e.g. "SunTls12Prf"), and currently only SunJCE has these
                 * TLS 1.2 algorithms.
                 *
                 * If we reused the names such as "SunTlsPrf", the PKCS11
                 * providers would need be updated to fail correctly when
                 * presented with the wrong version number (via
                 * Provider.Service.supportsParameters()), and we would also
                 * need to add the appropriate supportsParamters() checks into
                 * KeyGenerators (not currently there).
                 *
                 * In the future, if PKCS11 support is added, we will restructure
                 * this.
                 */

        Attachments

          Issue Links

            Activity

              People

                mbalao Martin Balao
                xuelei Xuelei Fan
                Votes:
                0 Vote for this issue
                Watchers:
                8 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: