Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8257545

SunJSSE FIPS regression in key exchange after JDK-8171279 11u backport

    Details

    • Subcomponent:
    • Resolved In Build:
      b06
    • CPU:
      generic
    • OS:
      generic

      Backports

        Description

        After the 11u backport of JDK-8171279, a regression was introduced in SunJSSE's FIPS support mode. During the key exchange phase, a non-FIPS crypto provider may be incorrectly picked for usage. This would affect the constraint of using FIPS compliant crypto algorithms only (ie.: provided by SunPKCS11 with an NSS backend).

        Only 11u is affected by this regression, as SunJSSE's FIPS feature was removed in JDK-13. At this time, JDK-8171279 was not backported to 8u; if JDK-8171279 is ever backported to 8u, this bug applies as well.

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  mbalao Martin Balao
                  Reporter:
                  mbalao Martin Balao
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  3 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: