On 3/30/20 4:47 PM, Alex Scheel wrote:
> For one example here, take the long-standing Debian ticket against Dogtag:
>
> https://www.pagure.io/dogtagpki/issue/3088
>
> OpenJDK 11 moved to TLS v1.3, but didn't fully implement the spec: PHA isn't
> available. This is a requirement for our particular application.
>
> It isn't clear why forcing TLS v1.2 didn't fix this issue. TLS v1.2 works fine
> on OpenJDK 8. IMO, this makes it a JDK11 bug. And not the type we have time to
> debug and figure out what broke in OpenJDK.
>
> With the introduction of JSS's SSLEngine, we can work around this problem, but
> that isn't yet merged.
>
> https://github.com/dogtagpki/jss/pull/150

Tricky. It's kinda inevitable that some things will break at some time.
We have to decide whether Dogtag is a blocker for JDK 11 as system JDK.

-- 
Andrew Haley (he/him)
Java Platform Lead Engineer
Red Hat UK Ltd. <https://www.redhat.com>
https://keybase.io/andrewhaley
EAC8 43EB D3EF DB98 CC77 2FAD A5CD 6035 332F A671