JDK-8020424 : The NSS version should be detected before running crypto tests
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.crypto:pkcs11
  • Priority: P3
  • Status: Closed
  • Resolution: Fixed
  • OS: linux,solaris_10
  • CPU: generic
  • Submitted: 2013-07-11
  • Updated: 2015-06-08
  • Resolved: 2013-07-29
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
7u85Fixed 8 b102Fixed
Related Reports
Duplicate :  
Relates :  
Relates :  
Many PKCS11 tests, in particular EC ones, have intermittent failures due to the NSS version on the test machine being old or not supporting the full elliptic curve suite (ECC Basic vs ECC Extended vs none at all).

The most common error one will see returned from PKCS11 is CKR_DOMAIN_PARAMS_INVALID from EC tests.  Others are one-off bugs in NSS that were fixed in later NSS versions.  While it would be nice to have all the NSS version up-to-date, it's a reality that these failures will occur in the community and it's best the tests are smarter rather than having to explain the problems over and over.
As this is a test change, there is nothing to verify. The change allowed other tests to work properly

Can you add more information about how verify this bug? Thanks