diff -r 4ebc2e2fb97c -r 71c04702a3d5 test/jdk/sun/security/pkcs11/README
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/pkcs11/README	Tue Sep 12 19:03:39 2017 +0200
@@ -0,0 +1,22 @@
+This README is to keep a list facts and known workaround for the pkcs11 java tests
+perform as a result of bugs or features in NSS or other pkcs11 libraries.
+
+- NSS ECC None/Basic/Extended
+The tests detect the NSS library support for Elliptic Curves as to not
+report incorrect failures.  PKCS11 reports back CKR_DOMAIN_PARAMS_INVALID
+when the curve is not supported.
+
+- Default libsoftokn3.so
+By default PKCS11Test.java will look for libsoftokn3.so.  There are a number of
+tests, particularly in Secmod, that need libnss3.so.  The method useNSS() in
+PKCS11test.java is to change the search and version checking to libnss3.
+
+ECC Basic supports is secp256r1, secp384r1, and secp521r1.
+
+- A bug in NSS 3.12 (Mozilla bug 471665) causes AES key lengths to be
+read incorrectly. KeyStore/SecretKeysBasic.java tiggers this bug and
+knows to avoid it.
+
+- A number of EC tests fail because of a DER bug in NSS 3.11.  The best guess
+is Mozilla bug 480280.  Those tests that abort execution with a PASS result
+are:  TestECDH2, TestECDSA, TestECDSA2 and TestECGenSpec.