On Thu, 13 Feb 2025 19:37:39 GMT, Daniel Jeliński <djelin...@openjdk.org> wrote:
>> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11TlsKeyMaterialGenerator.java
>> line 124:
>>
>>> 122: } else if (tlsVersion == 0x0303) {
>>> 123:     mechanism = CKM_TLS12_KEY_AND_MAC_DERIVE;
>>> 124: }
>>
>> So this hasn't worked since the TLSv1.2 support was added in 2018? Ouch!
>>
>> I wonder how many are using PKCS11 for TLS. Seems like this should have
>> been found earlier.
>>
>> Double check with @valeriepeng, but looks ok to me...
>
> It's not that bad, the crash only happens when you (mis-)use
> SunTlsKeyMaterial instead of SunTls12KeyMaterial with TLS 1.2. JSSE uses the
> correct one. I only hit this bug when experimenting with tests.

Whew...thanks.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/23583#discussion_r1955151548