JDK-8240191 : Release Note: SunPKCS11 Initialization With NSS When External FIPS Modules Are in Security Modules Database
  • Type: Sub-task
  • Component: security-libs
  • Sub-Component: javax.crypto:pkcs11
  • Affected Version: 8u311,11.0.13-oracle,15
  • Priority: P4
  • Status: Closed
  • Resolution: Delivered
  • OS: generic
  • CPU: generic
  • Submitted: 2020-02-27
  • Updated: 2021-07-02
  • Resolved: 2020-03-02
The Version table provides details about the release in which this issue/RFE will be addressed.

Unresolved: Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed: Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

  • JDK 11: 11.0.13-oracle, Resolved
  • JDK 15: 15, Resolved
  • JDK 8: 8u311, Resolved
Description
The SunPKCS11 security provider can now be initialized with NSS when FIPS-enabled external modules are configured in the Security Modules Database (NSSDB). Before this change, when such a library was configured for NSS in non-FIPS mode, the SunPKCS11 provider would throw a RuntimeException with the message "FIPS flag set for non-internal module".

This change allows the JDK to work properly with recent NSS releases on GNU/Linux operating systems when the system-wide FIPS policy is turned on.
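
To check whether a given JDK build and NSSDB still hit the failure described above, the following diagnostic configures SunPKCS11 against NSS in non-FIPS mode and looks for the quoted message in the exception chain. It is an added example, not JDK or NSS code; the class name `NssFipsModuleCheck`, the provider name `NSSCheck` and the default paths are assumptions to be replaced with your system's values. It uses `Provider.configure`, so it needs JDK 9 or later; on JDK 8 the same attributes go in a provider configuration file.

```java
import java.security.Provider;
import java.security.Security;

// Added diagnostic (hypothetical class name), not part of the JDK or NSS.
public class NssFipsModuleCheck {
    // Message quoted in the release note.
    static final String MARKER = "FIPS flag set for non-internal module";

    // True if any exception in the cause chain carries the release note's message.
    static boolean hitsFipsFlagError(Throwable t) {
        for (Throwable c = t; c != null; c = c.getCause()) {
            String m = c.getMessage();
            if (m != null && m.contains(MARKER)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Assumed defaults; pass the NSSDB and NSS library directory as arguments.
        String nssDb = args.length > 0 ? args[0] : "sql:/etc/pki/nssdb";
        String nssLib = args.length > 1 ? args[1] : "/usr/lib64";
        // Inline SunPKCS11 configuration ("--" prefix), NSS in non-FIPS mode.
        String config = "--name = NSSCheck\n"
                + "nssLibraryDirectory = " + nssLib + "\n"
                + "nssSecmodDirectory = " + nssDb + "\n"
                + "nssDbMode = readOnly\n"
                + "nssModule = keystore\n";
        System.out.println("java.version = " + System.getProperty("java.version"));
        Provider base = Security.getProvider("SunPKCS11");
        if (base == null) {
            System.out.println("SunPKCS11 provider is not available in this runtime");
            System.exit(2);
        }
        try {
            Provider p = base.configure(config);
            System.out.println("OK: " + p.getName() + " initialized against " + nssDb);
        } catch (RuntimeException e) {
            if (hitsFipsFlagError(e)) {
                System.out.println("AFFECTED: " + MARKER + " (JDK predates this change)");
                System.exit(1);
            }
            // Wrong path, missing library, unreadable database, and so on.
            System.out.println("Initialization failed for another reason: " + e);
            System.exit(3);
        }
    }
}
```

Exit status 0 means the provider initialized, 1 means the pre-fix exception was raised, and 2 or 3 point to an environment problem unrelated to this release note.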