Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8005743

java.security should only list the providers that are actually included

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P4
    • Resolution: Not an Issue
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: security-libs
    • Labels:

      Description

      JRE profile compact1 has following providers configured in java.security file.

      security.provider.1=sun.security.provider.Sun
      security.provider.2=sun.security.rsa.SunRsaSign
      security.provider.3=sun.security.ec.SunEC
      security.provider.4=com.sun.net.ssl.internal.ssl.Provider
      security.provider.5=com.sun.crypto.provider.SunJCE
      security.provider.6=sun.security.jgss.SunProvider
      security.provider.7=com.sun.security.sasl.Provider
      security.provider.8=org.jcp.xml.dsig.internal.dom.XMLDSigRI
      security.provider.9=sun.security.smartcardio.SunPCSC

      But as per JRE profile specification, SunJGSS, SunSASL, XMLDSig and SunPCSC etc. security providers are not included.

      getProviders() functions correctly and only returns the supported provider list so the configuration in java.security file is confusing. Following list is returned by Security.getProviders()

      SUN version 1.7
      SunRsaSign version 1.7
      SunJSSE version 1.8
      SunJCE version 1.7

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            rhalade Rajan Halade
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: