-
Bug
-
Resolution: Fixed
-
P3
-
11.0.10
-
b06
-
generic
-
generic
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8258019 | 11.0.11 | Martin Balao Alonso | P3 | Resolved | Fixed | b01 |
After the 11u backport of JDK-8171279, a regression was introduced in SunJSSE's FIPS support mode. During the key exchange phase, a non-FIPS crypto provider may be incorrectly picked for usage. This would affect the constraint of using FIPS compliant crypto algorithms only (ie.: provided by SunPKCS11 with an NSS backend).
Only 11u is affected by this regression, as SunJSSE's FIPS feature was removed in JDK-13. At this time,JDK-8171279 was not backported to 8u; if JDK-8171279 is ever backported to 8u, this bug applies as well.
Only 11u is affected by this regression, as SunJSSE's FIPS feature was removed in JDK-13. At this time,
- backported by
-
JDK-8258019 SunJSSE FIPS regression in key exchange after JDK-8171279 11u backport
-
- Resolved
-
- relates to
-
-
- Resolved
-