Commit - rpms/java-11-openjdk - e5d23d00b2314831f255753e3c083f374fdae223

    Support the FIPS mode crypto policy (RH1655466)
    
    Update RH1655466 FIPS patch with changes in OpenJDK 8 version.
    SunPKCS11 runtime provider name is a concatenation of "SunPKCS11-" and the name in the config file.
    Change nss.fips.cfg config name to "NSS-FIPS" to avoid confusion with nss.cfg.
    No need to substitute path to nss.fips.cfg as java.security file supports a java.home variable.
    Disable FIPS mode support unless com.redhat.fips is set to "true".
    Use appropriate keystore types when in FIPS mode (RH1818909)
    Enable alignment with FIPS crypto policy by default (-Dcom.redhat.fips=false to disable).
    Disable TLSv1.3 when the FIPS crypto policy and the NSS-FIPS provider are in use (RH1860986)
    Add explicit runtime dependency on NSS for the PKCS11 provider in FIPS mode
    Move setup of JavaSecuritySystemConfiguratorAccess to Security class so it always occurs (RH1915071)
    
    Resolves: rhbz#1830090

Build completed
success

Built as java-11-openjdk-1:11.0.11.0.9-4.fc33
2 years ago

java-11-openjdk.spec

file modified

+44 -2

nss.fips.cfg.in

file added

rh1655466-global_crypto_and_fips.patch

file added

+205

rh1818909-fips_default_keystore_type.patch

file added

+52

rh1860986-disable_tlsv1.3_in_fips_mode.patch

file added

+311

rh1915071-always_initialise_configurator_access.patch

file added

+68

rpms / java-11-openjdk

Source Code

e5d23d0 Support the FIPS mode crypto policy (RH1655466)

6 files Authored by ahughes 2 years ago, Committed by jvanek 2 years ago,

`e5d23d0` Support the FIPS mode crypto policy (RH1655466)