JDK 6 | JDK 7 |
---|---|
6-poolResolved | 7-poolResolved |
Duplicate :
|
|
Duplicate :
|
|
Duplicate :
|
|
Relates :
|
|
Relates :
|
There have been reports from java applications using JSSE and SunPKCS11 provider about a memory growth problem. After some investigation, it seems that CKM_TLS_PRF is the culprit for the memory growth problem. Based on the test results at hand, the memory usage remains flat when either: 1) the CKM_TLS_PRF mechanism is disabled, or 2) leave CKM_TLS_PRF mechanism enabled, but pass 0 as the base key in the C_DeriveKey(...) call instead of what actually specified by the caller. This leads to an error and Java crypto framework will fail over to the next crypto provider, i.e. SunJCE, for the TlsPrf algorithm. Since everything else on java side is the same, it looks to be a Solaris crypto implementation issue. Please refer to 6750401 "SSL stress test with GF leads to 32 bit max process size in less than 5 minutes,with PCKS11 provider" for more details.
|