Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8238555 Allow initialization of SunPKCS11 with NSS when there are external FIPS modules in the NSSDB
  3. JDK-8240191

Release Note: SunPKCS11 Initialization With NSS When External FIPS Modules Are in Security Modules Database

    XMLWordPrintable

    Details

    • Type: Sub-task
    • Status: Resolved
    • Priority: P4
    • Resolution: Delivered
    • Affects Version/s: 8u311, 11.0.13-oracle, 15
    • Fix Version/s: 15
    • Component/s: security-libs

      Backports

        Description

        The SunPKCS11 security provider can now be initialized with NSS when FIPS-enabled external modules are configured in the Security Modules Database (NSSDB). Before this change, when such a library was configured for NSS in non-FIPS mode, the SunPKCS11 provider would throw a RuntimeException with the message "FIPS flag set for non-internal module".

        This change allows the JDK to work properly with recent NSS releases in GNU/Linux operating systems when the system-wide FIPS policy is turned on.

          Attachments

            Issue Links

              Activity

                People

                Assignee:
                mbalao Martin Balao
                Reporter:
                mbalao Martin Balao
                Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                  Dates

                  Created:
                  Updated:
                  Resolved: