Bug ID: JDK-8217835 Remove the experimental SunJSSE FIPS compliant mode

Versions (Unresolved/Resolved/Fixed)

The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.

JDK 13
13 b08Fixed

The SunJSSE provider had a experimental feature that bound to a FIPS crypto provider.  The mode could be configured with customizing the java.security provider with an extra parameter:
-   security.provider.4=com.sun.net.ssl.internal.ssl.Provider
+  security.provider.4=com.sun.net.ssl.internal.ssl.Provider SunPKCS11-NSS

Or use the SunJSSE provider with the extra crypto provider, by
    new com.sun.net.ssl.internal.ssl.Provider(cryptoProvider);

In JDK 9, with the update of java.security, the provider load ignore the extra parameter. With the module design in JDK 9, the private package com.sun.net.ssl.internal.ssl is not accessible.  So neither of the above two customization works since JDK 9.

The experimental SunJSSE FIPS compliant mode made the code complicated.  If it is useless now, we may want to cleanup the code, by removing the experimental feature from the SunJSSE provider.

The cleanup should be safe as no one actually can use it since JDK 9.

CSR :	JDK-8217907 - Remove the experimental SunJSSE FIPS compliant mode
Duplicate :	JDK-8029666 - Add EC certificate in PKCS11 FIPS test key and cert store
Relates :	JDK-8220753 - Re-introduce the test case for TLS 1.2 algorithms in SunPKCS11 crypto provider
Relates :	JDK-8326000 - Remove obsolete comments for class sun.security.ssl.SunJSSE