Details

      Description

      A memory growth issue in SunPKCS11 cryptographic provider, affecting the NSS back-end only, is now fixed.

      A system property to disable the fix has been introduced: sun.security.pkcs11.disableKeyExtraction. A "true" value disables the fix, whilst a "false" value (default) keeps it enabled.

      When enabled, PKCS#11 attributes of the NSS native keys are copied to Java byte buffers after key creation. Once used, NSS keys are destroyed and native heap space is freed up. If NSS keys are required again, they are recreated with the previously saved attributes.

      Further information and implementation details can be found in the CSR: https://bugs.openjdk.java.net/browse/JDK-8213430.

        Attachments

          Activity

            People

            • Assignee:
              mbalao Martin Balao
              Reporter:
              mbalao Martin Balao
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: