I was reported that a 3rd-party PKCS11 provider stopped working
correctly since integrating the fix for JDK-8134605.
This is due to that a secret key is now generated via
CKM_SSL3_PRE_MASTER_KEY_GEN even if it is going to be discarded
(presumably, this is to avoid a time-attack.)
Would you please help review a proposed fix: If the provider fails
because it does not support CKM_SSL3_PRE_MASTER_KEY_GEN, and we do not
need the newly generated key, then ignore the failure?
Thanks in advance!
With kind regards,