On Tue, 20 Jun 2023 00:57:46 GMT, Sean Mullan <sean.mul...@oracle.com> wrote:
> > Maybe you are thinking about the size of libsunec or non-technical issues > > that meant it wasn't included by some distributions? There weren't an issue > > with deciding which providers to include to java.base. I think the > > motivation for having the SunEC provider in java.base now is probably TLS > > so there are more secure cipher suites available for those that create a > > small run-image with jlink and don't include all security providers. > > Yes, I think the motivation is more that Elliptic Curve Cryptography is a > widely used form of crypto and should be in java.base. I haven't tried this, > but I think TLS 1.3 would simply not work if you just had java.base in your > runtime. I think we've converged on the right motivation. If would be good to check if there are TLS tests that could run with --limit-modules java.base, that would give confidence that the API/implementation will work when the run-time image only contains java.base. ------------- PR Comment: https://git.openjdk.org/jdk/pull/14457#issuecomment-1598552414