Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: P3
Fix Version/s: 13
Affects Version/s: 13
Component/s: security-libs
Labels:
- code-cleanup
- noreg-cleanup

Subcomponent:
javax.net.ssl
Resolved In Build:
b08

Description

The SunJSSE provider had a experimental feature that bound to a FIPS crypto provider. The mode could be configured with customizing the java.security provider with an extra parameter:
- security.provider.4=com.sun.net.ssl.internal.ssl.Provider
+ security.provider.4=com.sun.net.ssl.internal.ssl.Provider SunPKCS11-NSS

Or use the SunJSSE provider with the extra crypto provider, by
new com.sun.net.ssl.internal.ssl.Provider(cryptoProvider);

In JDK 9, with the update of java.security, the provider load ignore the extra parameter. With the module design in JDK 9, the private package com.sun.net.ssl.internal.ssl is not accessible. So neither of the above two customization works since JDK 9.

The experimental SunJSSE FIPS compliant mode made the code complicated. If it is useless now, we may want to cleanup the code, by removing the experimental feature from the SunJSSE provider.

The cleanup should be safe as no one actually can use it since JDK 9.

Attachments

Issue Links

csr for

JDK-8217907 Remove the experimental SunJSSE FIPS compliant mode

Closed

duplicates

JDK-8029666 Add EC certificate in PKCS11 FIPS test key and cert store

Closed

relates to

JDK-8326000 Remove obsolete comments for class sun.security.ssl.SunJSSE

Resolved

JDK-8220753 Re-introduce the test case for TLS 1.2 algorithms in SunPKCS11 crypto provider

Resolved

Sub-Tasks

There are no Sub-Tasks for this issue.

Activity

People

Assignee:: Xuelei Fan

Reporter:: Xuelei Fan

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2019-01-25 12:18

Updated:: 2024-02-15 14:29

Resolved:: 2019-02-12 13:39