JDK-8217911 : Release Note: Removal of Experimental FIPS 140 Compliant Mode from SunJSSE Provider
- Type: Sub-task
- Component: security-libs
- Sub-Component: javax.net.ssl
- Affected Version: 13
- Priority: P4
- Status: Closed
- Resolution: Delivered
- Submitted: 2019-01-28
- Updated: 2019-08-09
- Resolved: 2019-02-12
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
| JDK 13 |
|---|
13Resolved  |
Description
The experimental FIPS 140 compliant mode has been removed from the SunJSSE provider. Legacy applications might have used the experimental mode with one of the following approaches: 1. Updating the `java.security` file and specifying a crypto provider for the SunJSSE provider (for example, `security.provider.4=com.sun.net.ssl.internal.ssl.Provider SunPKCS11-NSS`) 2. Using the JDK internal class and creating a provider with a specified crypto provider (for example, `new com.sun.net.ssl.internal.ssl.Provider(cryptoProvider);`). Because the SunJSSE provider uses JDK default cryptography providers, applications can configure the `security.provider` security properties to use the FIPS 140 compliant cryptography providers.