Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8173410

Add commented config line for jdk.security.provider.preferred

    Details

    • Subcomponent:
    • Resolved In Build:
      b157
    • CPU:
      sparc
    • OS:
      solaris_11

      Backports

        Description

        The performance team, PAE, is requesting to have a preferred provider security property defined for solaris-sparc to not use UcryptoProvider and SunPKCS11 on certain intrinsifyed algorithms.

        This was put in previously but removed because of Solaris Security's concern that customers who had enabled FIPS-140 in the Solaris Crypto Framework would unknowing invalidate the boundary because the preferred provider property would direct operations away from the Solaris Crypto Framework.

        The current proposal is to put the perferred provider line back in, but have it commented out. PAE will inform customers on how to enable the preferred provider option. The line that would be add is:

        #jdk.security.provider.preferred=AES:SunJCE, SHA1:SUN, Group.SHA2:SUN, HmacSHA1:SunJCE, Group.HmacSHA2:SunJCE

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  ascarpino Anthony Scarpino
                  Reporter:
                  ascarpino Anthony Scarpino
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  6 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: