JDK-4706382 : Remove secure random seed generation code in JPI
  • Type: Enhancement
  • Component: deploy
  • Sub-Component: plugin
  • Affected Version: 1.4.1
  • Priority: P4
  • Status: Resolved
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2002-06-21
  • Updated: 2002-08-01
  • Resolved: 2002-08-01
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
Other
1.4.2 mantisFixed
Description
Since JSSE uses native OS support to generate the secure random seed in hopper to improve the performance, we can eliminate the JPI code which provides similar functionality

Comments
CONVERTED DATA BugTraq+ Release Management Values COMMIT TO FIX: mantis FIXED IN: mantis INTEGRATED IN: mantis mantis-b03
2004-06-14

SUGGESTED FIX See the webrev in attachment. ###@###.### 2002-07-31
2002-07-31

EVALUATION The corresponding RFE under classes_security is 4518762 ###@###.### 2002-06-26 A potential fix has been identified. The fix is to disable JPI code which is responsible for creating and seeding a SecureRandom object. The fix also involves changing the way the sslContext.init method is being called. By passing a null as the third argument to sslContext.init, JSSE will create and seed a SecureRandom object. The suggested fix contains source diff of ext/plugin/java/src/sun/plugin/net/protocol/https/Handler.java for the Hopper version. I'm working on eliminating unnecessary java and native source code related to SecureRandom in JPI. ###@###.### 2002-07-19 A fix has been integrated into JPI's Mantis ws. ###@###.### 2002-07-31
2002-07-19