e426a3c Support the FIPS mode crypto policy (RH1655466)

Authored and Committed by Andrew John Hughes 2 years ago
    Support the FIPS mode crypto policy (RH1655466)
    
    Update RH1655466 FIPS patch with changes in OpenJDK 8 version.
    SunPKCS11 runtime provider name is a concatenation of "SunPKCS11-" and the name in the config file.
    Change nss.fips.cfg config name to "NSS-FIPS" to avoid confusion with nss.cfg.
    No need to substitute path to nss.fips.cfg as java.security file supports a java.home variable.
    Disable FIPS mode support unless com.redhat.fips is set to "true".
    Use appropriate keystore types when in FIPS mode (RH1818909)
    Enable alignment with FIPS crypto policy by default (-Dcom.redhat.fips=false to disable).
    Disable TLSv1.3 when the FIPS crypto policy and the NSS-FIPS provider are in use (RH1860986)
    Add explicit runtime dependency on NSS for the PKCS11 provider in FIPS mode
    Move setup of JavaSecuritySystemConfiguratorAccess to Security class so it always occurs (RH1915071)
    
        
  • Zuul: failure (Jobs result is failure), 2 years ago
  • Package tests for e426a3c6: passed, 2 years ago
  • Build completed: success, built as java-latest-openjdk-1:17.0.0.0.33-0.2.ea.rolling.fc36, 2 years ago
file modified: +42 -1
file added: +6
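A runtime check for the behaviour the commit message describes, written as an added example (it is not code from this commit or from the OpenJDK packaging). It looks for the provider name the message implies ("SunPKCS11-" plus the config name "NSS-FIPS"), reports the `com.redhat.fips` property and the default keystore type, and fails if TLSv1.3 is still enabled while that provider is registered. The class name `FipsPolicyCheck` and the exit codes are assumptions made for the example.

```java
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;

// Hypothetical diagnostic class; not part of the patch described on this page.
public class FipsPolicyCheck {
    // Runtime provider name per the commit message: "SunPKCS11-" + config name "NSS-FIPS".
    static final String FIPS_PROVIDER = "SunPKCS11-" + "NSS-FIPS";

    public static void main(String[] args) throws Exception {
        // Per the message, alignment is on by default and -Dcom.redhat.fips=false disables it.
        String prop = System.getProperty("com.redhat.fips");
        System.out.println("com.redhat.fips = " + (prop == null ? "(unset, default)" : prop));

        // List registered providers in preference order and locate the FIPS one.
        Provider[] providers = Security.getProviders();
        int position = -1;
        for (int i = 0; i < providers.length; i++) {
            System.out.printf("  %2d. %s%n", i + 1, providers[i].getName());
            if (FIPS_PROVIDER.equals(providers[i].getName())) {
                position = i + 1;
            }
        }
        boolean fipsProvider = position > 0;
        System.out.println(FIPS_PROVIDER + (fipsProvider
                ? " registered at position " + position
                : " not registered"));

        // The message says keystore types are adjusted in FIPS mode; report what is in effect.
        System.out.println("Default keystore type: " + KeyStore.getDefaultType());

        // Protocols the default SSLContext enables for new connections.
        SSLContext ctx = SSLContext.getDefault();
        List<String> enabled = Arrays.asList(ctx.getDefaultSSLParameters().getProtocols());
        System.out.println("Enabled TLS protocols: " + enabled);

        // The message states TLSv1.3 is disabled when the NSS-FIPS provider is in use.
        if (fipsProvider && enabled.contains("TLSv1.3")) {
            System.out.println("MISMATCH: TLSv1.3 enabled while " + FIPS_PROVIDER + " is registered");
            System.exit(1);
        }
        System.out.println("OK: TLS protocol set is consistent with the provider configuration");
    }
}
```

Running it once with default settings and once with `-Dcom.redhat.fips=false` on the same host shows whether the property actually changes the provider list and protocol set.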