Details
-
Type:
Bug
-
Status: Resolved
-
Priority:
P3
-
Resolution: Fixed
-
Affects Version/s: 11.0.10
-
Fix Version/s: 11.0.10
-
Component/s: security-libs
-
Subcomponent:
-
Resolved In Build:b06
-
CPU:generic
-
OS:generic
Backports
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8258019 | 11.0.11 | Martin Balao | P3 | Resolved | Fixed | b01 |
Description
After the 11u backport of JDK-8171279, a regression was introduced in SunJSSE's FIPS support mode. During the key exchange phase, a non-FIPS crypto provider may be incorrectly picked for usage. This would affect the constraint of using FIPS compliant crypto algorithms only (ie.: provided by SunPKCS11 with an NSS backend).
Only 11u is affected by this regression, as SunJSSE's FIPS feature was removed in JDK-13. At this time,JDK-8171279 was not backported to 8u; if JDK-8171279 is ever backported to 8u, this bug applies as well.
Only 11u is affected by this regression, as SunJSSE's FIPS feature was removed in JDK-13. At this time,
Attachments
Issue Links
- backported by
-
JDK-8258019 SunJSSE FIPS regression in key exchange after JDK-8171279 11u backport
-
- Resolved
-
- relates to
-
JDK-8256030 Support X25519 and X448 in TLS
-
- Resolved
-