JDK-8173410 : Add commented config line for jdk.security.provider.preferred
- Type: Bug
- Component: security-libs
- Sub-Component: javax.crypto
- Priority: P3
- Status: Resolved
- Resolution: Fixed
- OS: solaris_11
- CPU: sparc
- Submitted: 2017-01-26
- Updated: 2017-05-17
- Resolved: 2017-02-08
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
| JDK 10 | JDK 8 | JDK 9 |
|---|---|---|
10Fixed  |
8u152Fixed |
9 b157Fixed |
Related Reports
|
Relates :
|
|
|
Relates :
|
Description
The performance team, PAE, is requesting to have a preferred provider security property defined for solaris-sparc to not use UcryptoProvider and SunPKCS11 on certain intrinsifyed algorithms. This was put in previously but removed because of Solaris Security's concern that customers who had enabled FIPS-140 in the Solaris Crypto Framework would unknowing invalidate the boundary because the preferred provider property would direct operations away from the Solaris Crypto Framework. The current proposal is to put the perferred provider line back in, but have it commented out. PAE will inform customers on how to enable the preferred provider option. The line that would be add is: #jdk.security.provider.preferred=AES:SunJCE, SHA1:SUN, Group.SHA2:SUN, HmacSHA1:SunJCE, Group.HmacSHA2:SunJCE
Comments
|