I've learned of jdk.tls.allowLegacyMasterSecret=false option's existence. Should I set it in FIPS mode? What are the downsides? Which of the JDK versions we ship have this option working? Will it be simply ignored by those that don't have it working?
I see this property is present in all currently supported JDKs (8, 11, 17). In all three, it defaults to 'true' (i.e. a legacy master secret is allowed) and indeed, this is unchanged in trunk (future JDK 22). I've added a NEEDINFO for more information from Francisco who works on the FIPS support. It's not clear to me from this bug why you would want to set this to false. Perhaps I'm missing some context for this bug. It's also worth noting that this is a system property so it wouldn't currently be controlled by the crypto policies (which this bug is currently filed against). I know we added some support for the crypto policies to list system properties as well, but this is not currently utilised by the JDK support. I'm not sure adding such support is the right direction to go. It would seem preferable to allow the same options to be toggled by security properties as well. I think that might get more traction upstream than trying to override system properties.