-
Bug
-
Resolution: Fixed
-
P3
-
None
-
b157
-
sparc
-
solaris_11
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8175720 | 10 | Anthony Scarpino | P3 | Resolved | Fixed | b02 |
JDK-8176536 | 8u152 | Anthony Scarpino | P2 | Resolved | Fixed | b02 |
The performance team, PAE, is requesting to have a preferred provider security property defined for solaris-sparc to not use UcryptoProvider and SunPKCS11 on certain intrinsifyed algorithms.
This was put in previously but removed because of Solaris Security's concern that customers who had enabled FIPS-140 in the Solaris Crypto Framework would unknowing invalidate the boundary because the preferred provider property would direct operations away from the Solaris Crypto Framework.
The current proposal is to put the perferred provider line back in, but have it commented out. PAE will inform customers on how to enable the preferred provider option. The line that would be add is:
#jdk.security.provider.preferred=AES:SunJCE, SHA1:SUN, Group.SHA2:SUN, HmacSHA1:SunJCE, Group.HmacSHA2:SunJCE
This was put in previously but removed because of Solaris Security's concern that customers who had enabled FIPS-140 in the Solaris Crypto Framework would unknowing invalidate the boundary because the preferred provider property would direct operations away from the Solaris Crypto Framework.
The current proposal is to put the perferred provider line back in, but have it commented out. PAE will inform customers on how to enable the preferred provider option. The line that would be add is:
#jdk.security.provider.preferred=AES:SunJCE, SHA1:SUN, Group.SHA2:SUN, HmacSHA1:SunJCE, Group.HmacSHA2:SunJCE
- backported by
-
JDK-8176536 Improved algorithm constraints checking
-
- Resolved
-
-
JDK-8175720 Add commented config line for jdk.security.provider.preferred
-
- Resolved
-
- relates to
-
JDK-8069538 Preferred Provider Configuration
-
- Resolved
-
-
JDK-8046943 JEP 246: Leverage CPU Instructions for GHASH and RSA
-
- Closed
-