Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8029661

Support TLS v1.2 algorithm in SunPKCS11 provider

    XMLWordPrintable

    Details

      Backports

        Description

        See the comment in SunPKCS11.java. Need to consider whether we can support SunTls12Prf, SunTls12RsaPremasterSecret, etc. in SunPKCS11 in the future.

                /*
                 * TLS 1.2 uses a different hash algorithm than 1.0/1.1 for the
                 * PRF calculations. As of 2010, there is no PKCS11-level
                 * support for TLS 1.2 PRF calculations, and no known OS's have
                 * an internal variant we could use. Therefore for TLS 1.2, we
                 * are updating JSSE to request different provider algorithms
                 * (e.g. "SunTls12Prf"), and currently only SunJCE has these
                 * TLS 1.2 algorithms.
                 *
                 * If we reused the names such as "SunTlsPrf", the PKCS11
                 * providers would need be updated to fail correctly when
                 * presented with the wrong version number (via
                 * Provider.Service.supportsParameters()), and we would also
                 * need to add the appropriate supportsParamters() checks into
                 * KeyGenerators (not currently there).
                 *
                 * In the future, if PKCS11 support is added, we will restructure
                 * this.
                 */

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  mbalao Martin Balao
                  Reporter:
                  xuelei Xue-Lei Fan
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  8 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: