Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8173410

Add commented config line for jdk.security.provider.preferred

XMLWordPrintable

    • b157
    • sparc
    • solaris_11

        The performance team, PAE, is requesting to have a preferred provider security property defined for solaris-sparc to not use UcryptoProvider and SunPKCS11 on certain intrinsifyed algorithms.

        This was put in previously but removed because of Solaris Security's concern that customers who had enabled FIPS-140 in the Solaris Crypto Framework would unknowing invalidate the boundary because the preferred provider property would direct operations away from the Solaris Crypto Framework.

        The current proposal is to put the perferred provider line back in, but have it commented out. PAE will inform customers on how to enable the preferred provider option. The line that would be add is:

        #jdk.security.provider.preferred=AES:SunJCE, SHA1:SUN, Group.SHA2:SUN, HmacSHA1:SunJCE, Group.HmacSHA2:SunJCE

              ascarpino Anthony Scarpino
              ascarpino Anthony Scarpino
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: