On Fri, 11 Apr 2025 19:47:38 GMT, Valerie Peng <valer...@openjdk.org> wrote:
> > What I have found with Tls* keys is that they are in the map but we need to > > translate their pseudo-mechanism to a valid one (`CKK_GENERIC_SECRET`). Is > > that enough for #24393? > > What I found is that there are more "TlsXXX" than those defined in > P11SecretKeyFactory class which are mapped to PCKK_xxx. So, we will need to > decide if those self-defined "TlsXXX" algorithms are allowed (e.g. PKCS11 > will treat them as Generic secret keys or changing the TLS code to use a key > algorithm recognized by PKCS11). Beside this, we need to make sure the > current pseudo key type works, e.g. translating to a valid key type when > necessary, as you stated. Good, let me check this. ------------- PR Comment: https://git.openjdk.org/jdk/pull/24526#issuecomment-2798225287