-
Sub-task
-
Resolution: Delivered
-
P3
-
11.0.6-oracle, 13
-
generic
-
generic
-
Verified
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8231207 | 11.0.6-oracle | Clifford Wayne | P3 | Resolved | Delivered |
A memory growth issue in the SunPKCS11 cryptographic provider that affects the NSS back-end has been fixed.
A system property, `sun.security.pkcs11.disableKeyExtraction` has been introduced to disable the fix. A "`true`" value disables the fix, while a "`false`" value (default) keeps it enabled.
When enabled, PKCS#11 attributes of the NSS native keys are copied to Java byte buffers after key creation. Once used, NSS keys are destroyed and native heap space is freed up. If NSS keys are required again, they are recreated with the previously saved attributes.
Further information and implementation details can be found in the CSR:JDK-8213430
A system property, `sun.security.pkcs11.disableKeyExtraction` has been introduced to disable the fix. A "`true`" value disables the fix, while a "`false`" value (default) keeps it enabled.
When enabled, PKCS#11 attributes of the NSS native keys are copied to Java byte buffers after key creation. Once used, NSS keys are destroyed and native heap space is freed up. If NSS keys are required again, they are recreated with the previously saved attributes.
Further information and implementation details can be found in the CSR:
- backported by
-
JDK-8231207 Release Note: Memory Growth Issue in SunPKCS11 Fixed
- Resolved