JDK-8235710 : Remove the legacy elliptic curves
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: javax.crypto
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2019-12-10
  • Updated: 2022-05-25
  • Resolved: 2020-09-25
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 16
16 b18Fixed
Related Reports
Blocks :  
CSR :  
Duplicate :  
Relates :  
Relates :  
Relates :  
Relates :  
Sub Tasks
JDK-8240192 :  
JDK-8252601 :  
JDK-8253551 :  
Remove the elliptic curves currently implemented in the native implementation of the SunEC provider and that were deprecated in JDK 14.
Changeset: 0b83fc01 Author: Anthony Scarpino <ascarpino@openjdk.org> Date: 2020-09-25 02:40:36 +0000 URL: https://git.openjdk.java.net/jdk/commit/0b83fc01

We should also strongly consider moving jdk.crypto.ec into java.base as part of this work. TLS doesn’t really work w/o it as EC is needed for the most secure cipher suites. This is inconvenient, as anyone that builds a modular app using https needs to remember to add the jdk.crypto.ec module. Once the native EC implementations are removed, the static footprint of the SunEC provider should be much smaller, so the size increase of adding it to java.base should be much less of an issue. One compatibility issue will be build environments that explicitly specify jdk.crypto.ec to jlink. However, we can deprecate jdk.crypto.ec for removal and leave an "empty" module to reduce the compatibility risk. jlink may also need to be enhanced to print a deprecation warning for modules that are deprecated for removal.