[7u40] Request for Phase 2 approval for 7165807: Non optimized initialization of NSS crypto library leads to scalability issue (original) (raw)

Seán Coffey sean.coffey at oracle.com
Tue Jun 25 14:54:48 PDT 2013

Approved for jdk7u40-dev.

regards, Sean.

On 25/06/2013 11:29, Vincent Ryan wrote:

There is no specific test to verify the fix (it's labeled 'noreg-hard'). Our existing PKCS11 tests already exercise the code path that the new NSS initializer now uses. I've added a link to a recent JPRT test run to my justification comment: https://jbs.oracle.com/bugs/browse/JDK-7165807?focusedCommentId=13343012&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13343012

On 24 Jun 2013, at 21:49, Seán Coffey wrote: Vinnie,

as per phase 2 process [1] - what tests have been run to verify this fix ? Regards, Sean. [1] http://openjdk.java.net/projects/jdk7u/phase2/phase2-process.html On 24/06/13 12:40, Vincent Ryan wrote: Hello all,

Please approve the following fix for 7u40: Bug:http://bugs.sun.com/viewbug.do?bugid=7165807 Webrev:http://cr.openjdk.java.net/~vinnie/7165807/webrev.01/ Code review:http://mail.openjdk.java.net/pipermail/security-dev/2013-June/007786.html JDK 8 changeset: [under construction] This fix modifies the SunPKCS11 JCE provider to initialize the Mozilla Network Security Services (NSS) crypto library to favour performance over memory footprint, by default. A new SunPKCS11 configuration flag 'nssOptimizeSpace' has been introduced to enable Java applications to revert to the old behaviour. Note that this change affects only the NSS-specific mode of the SunPKCS11 provider. It makes it consistent with the provider's regular behaviour which already initializes NSS to favour performance over memory footprint. Thanks.

More information about the jdk7u-dev mailing list