-
Sub-task
-
Resolution: Delivered
-
P4
-
13
-
Verified
The experimental FIPS 140 compliant mode has been removed from the SunJSSE provider.
Legacy applications might have used the experimental mode with one of the following approaches:
1. Updating the `java.security` file and specifying a crypto provider for the SunJSSE provider (for example, `security.provider.4=com.sun.net.ssl.internal.ssl.Provider SunPKCS11-NSS`)
2. Using the JDK internal class and creating a provider with a specified crypto provider (for example, `new com.sun.net.ssl.internal.ssl.Provider(cryptoProvider);`).
Because the SunJSSE provider uses JDK default cryptography providers, applications can configure the `security.provider` security properties to use the FIPS 140 compliant cryptography providers.
Legacy applications might have used the experimental mode with one of the following approaches:
1. Updating the `java.security` file and specifying a crypto provider for the SunJSSE provider (for example, `security.provider.4=com.sun.net.ssl.internal.ssl.Provider SunPKCS11-NSS`)
2. Using the JDK internal class and creating a provider with a specified crypto provider (for example, `new com.sun.net.ssl.internal.ssl.Provider(cryptoProvider);`).
Because the SunJSSE provider uses JDK default cryptography providers, applications can configure the `security.provider` security properties to use the FIPS 140 compliant cryptography providers.