CC'ing security-dev.

Thanks,
Martin.-

On 7/18/19 4:38 PM, Martin Balao wrote:
> Hi,
>
> I'd like to request a review for the jdk11u backport of 8223482 [1]:
>
> http://cr.openjdk.java.net/~mbalao/webrevs/8223482/8223482.jdk11u.webrev.00/
>
> There are 2 changes compared to the JDK version [2]:
>
>  * SSLCipher.java
>    * "Cipher.getInstance" replaced with "JsseJce.getCipher" in
>      SSLCipher::isTransformationAvailable
>    * JDK-11 has SunJSSE experimental FIPS support (which was removed in
>      JDK), so we are able to check if the transformation is supported by
>      SunJSSE's crypto provider. We don't need to check if it's supported by
>      any provider because SunJSSE's crypto provider is the one that will be
>      used for the TLS connection.
>
>  * TestTLS12.java (FipsModeTLS12.java in JDK):
>    * The change in TestTLS12::initialize does not apply to JDK-11
>    * In JDK-11, we don't remove security providers because we are able
>      to set the one that has to be used in SunJSSE (due to SunJSSE
>      experimental FIPS support).
>
> Testing:
>
>  * No regressions found in:
>    * jdk/sun/security/pkcs11
>    * jdk/javax/net/ssl
>    * jdk/com/sun/crypto/provider/TLS
>
>  * TestTLS12 updated to cover this patch
>
> Thanks,
> Martin.-
>
> --
> [1] - https://bugs.openjdk.java.net/browse/JDK-8223482
> [2] - http://hg.openjdk.java.net/jdk/jdk/rev/d0f73fccf5f3
