Commit - rpms/java-1.8.0-openjdk - 0e6069cde381d80f94998a05af512f714da95707

    Support the FIPS mode crypto policy.
    
    Backport FIPS mode patch to java-1.8.0-openjdk, simplifying provider removal.
    nss.fips.cfg needs to be moved to %%{etcjavadir} and symlinked into the JDK, like nss.cfg
    SunPKCS11 runtime provider name is a concatenation of "SunPKCS11-" and the name in the config file.
    Change nss.fips.cfg config name to "NSS-FIPS" to avoid confusion with nss.cfg.
    Disable FIPS mode support unless com.redhat.fips is set to "true".
    Add JDK-8195607/PR3776 to support NSS SQLite databases.
    Use appropriate keystore types when in FIPS mode (RH1760838)
    Enable alignment with FIPS crypto policy by default (-Dcom.redhat.fips=false to disable).
    Disable TLSv1.3 when using the NSS-FIPS provider (RH1860986)
    Move setup of JavaSecuritySystemConfiguratorAccess to Security class so it always occurs (RH1906862)
    Add explicit runtime dependency on NSS for the PKCS11 provider in FIPS mode

Fedora CI - scratch build
failure

Package tests for 0e6069cd: failed
2 years ago
Zuul
failure

Jobs result is failure
2 years ago
Build completed
success

Built as java-1.8.0-openjdk-1:1.8.0.302.b03-0.1.ea.fc35
2 years ago
Build completed
success

Built as java-1.8.0-openjdk-1:1.8.0.302.b03-0.1.ea.eln111
2 years ago

java-1.8.0-openjdk.spec

file modified

+54 -6

jdk8195607-pr3776-rh1760437-nss_sqlite_db_config.patch

file added

+125

nss.fips.cfg.in

file added

rh1655466-global_crypto_and_fips.patch

file added

+208

rh1760838-fips_default_keystore_type.patch

file added

+52

rh1860986-disable_tlsv1.3_in_fips_mode.patch

file added

+327

rh1906862-always_initialise_configurator_access.patch

file added

+65

rpms / java-1.8.0-openjdk

Source Code

0e6069c Support the FIPS mode crypto policy.

Authored and Committed by ahughes 2 years ago

`0e6069c` Support the FIPS mode crypto policy.