Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8217835

Remove the experimental SunJSSE FIPS compliant mode

    XMLWordPrintable

    Details

      Description

      The SunJSSE provider had a experimental feature that bound to a FIPS crypto provider. The mode could be configured with customizing the java.security provider with an extra parameter:
      - security.provider.4=com.sun.net.ssl.internal.ssl.Provider
      + security.provider.4=com.sun.net.ssl.internal.ssl.Provider SunPKCS11-NSS

      Or use the SunJSSE provider with the extra crypto provider, by
          new com.sun.net.ssl.internal.ssl.Provider(cryptoProvider);

      In JDK 9, with the update of java.security, the provider load ignore the extra parameter. With the module design in JDK 9, the private package com.sun.net.ssl.internal.ssl is not accessible. So neither of the above two customization works since JDK 9.

      The experimental SunJSSE FIPS compliant mode made the code complicated. If it is useless now, we may want to cleanup the code, by removing the experimental feature from the SunJSSE provider.

      The cleanup should be safe as no one actually can use it since JDK 9.

        Attachments

          Issue Links

          There are no Sub-Tasks for this issue.

            Activity

              People

              Assignee:
              xuelei Xuelei Fan
              Reporter:
              xuelei Xuelei Fan
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: