JDK-7196382 : PKCS11 provider should support 2048-bit DH
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.crypto:pkcs11
  • Affected Version: 8
  • Priority: P3
  • Status: Closed
  • Resolution: Fixed
  • OS: linux
  • CPU: x86
  • Submitted: 2012-09-05
  • Updated: 2017-12-21
  • Resolved: 2013-10-09
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 7 JDK 8 Other
7u161Fixed 8 b113Fixed openjdk7uFixed
Related Reports
Relates :  
Relates :  
Description
When I do interoperability testing for 2048 bit DH key on solaris, I find "Sunpkcs11-solaris" doesn't allow DH key larger than 1024:
Test case failed with unexpected exception: Key size must be a multiple of 64 and at most 1024 bit

Valerie:
the 1024-bit check in SunPKCS11 provider should be removed since we do have default parameter values for 2048-bit DH now.

Comments
sun/security/pkcs11/KeyPairGenerator/TestDH2048.java test passed since 113.
20-11-2013

regression test available.
22-10-2013