java-1.8.0-openjdk

rpms

java-1.8.0-openjdk

Fork 0

Commit Graph

Author	SHA1	Message	Date
Francisco Ferrari Bihurriet	5b6071b392	RH2007331: SecretKey generate/import operations don't add the CKA_SIGN attribute in FIPS mode Use SunPKCS11 Attributes Configuration to set CKA_SIGN=true on SecretKey generate/import operations in FIPS mode, see: https://docs.oracle.com/javase/8/docs/technotes/guides/security/p11guide.html#ATTRS Resolves: rhbz#2102435	2022-07-08 17:59:46 +01:00
Andrew Hughes	f459bf7287	Use 'sql:' prefix in nss.fips.cfg Fedora 35 and better no longer ship the legacy secmod.db file as part of the nss package. Explicitly tell OpenJDK to use sqlite-based sec mode. Resolves: rhbz#2023533	2021-12-06 01:03:47 +00:00
Andrew Hughes	da15b5d337	Support the FIPS mode crypto policy. Backport FIPS mode patch to java-1.8.0-openjdk, simplifying provider removal. nss.fips.cfg needs to be moved to %%{etcjavadir} and symlinked into the JDK, like nss.cfg SunPKCS11 runtime provider name is a concatenation of "SunPKCS11-" and the name in the config file. Change nss.fips.cfg config name to "NSS-FIPS" to avoid confusion with nss.cfg. Disable FIPS mode support unless com.redhat.fips is set to "true". Add JDK-8195607/PR3776 to support NSS SQLite databases. Use appropriate keystore types when in FIPS mode (RH1760838) Enable alignment with FIPS crypto policy by default (-Dcom.redhat.fips=false to disable). Disable TLSv1.3 when using the NSS-FIPS provider (RH1860986) Move setup of JavaSecuritySystemConfiguratorAccess to Security class so it always occurs (RH1906862) Add explicit runtime dependency on NSS for the PKCS11 provider in FIPS mode Resolves: rhbz#1971696	2021-07-08 05:11:48 +01:00

Author

SHA1

Message

Date

Francisco Ferrari Bihurriet

5b6071b392

RH2007331: SecretKey generate/import operations don't add the CKA_SIGN attribute in FIPS mode

Use SunPKCS11 Attributes Configuration to set CKA_SIGN=true on SecretKey generate/import operations in FIPS mode, see:
https://docs.oracle.com/javase/8/docs/technotes/guides/security/p11guide.html#ATTRS

Resolves: rhbz#2102435

2022-07-08 17:59:46 +01:00

Andrew Hughes

f459bf7287

Use 'sql:' prefix in nss.fips.cfg

Fedora 35 and better no longer ship the legacy secmod.db file as part
of the nss package. Explicitly tell OpenJDK to use sqlite-based sec
mode.

Resolves: rhbz#2023533

2021-12-06 01:03:47 +00:00

Andrew Hughes

da15b5d337

Support the FIPS mode crypto policy.

Backport FIPS mode patch to java-1.8.0-openjdk, simplifying provider removal.
nss.fips.cfg needs to be moved to %%{etcjavadir} and symlinked into the JDK, like nss.cfg
SunPKCS11 runtime provider name is a concatenation of "SunPKCS11-" and the name in the config file.
Change nss.fips.cfg config name to "NSS-FIPS" to avoid confusion with nss.cfg.
Disable FIPS mode support unless com.redhat.fips is set to "true".
Add JDK-8195607/PR3776 to support NSS SQLite databases.
Use appropriate keystore types when in FIPS mode (RH1760838)
Enable alignment with FIPS crypto policy by default (-Dcom.redhat.fips=false to disable).
Disable TLSv1.3 when using the NSS-FIPS provider (RH1860986)
Move setup of JavaSecuritySystemConfiguratorAccess to Security class so it always occurs (RH1906862)
Add explicit runtime dependency on NSS for the PKCS11 provider in FIPS mode

Resolves: rhbz#1971696

2021-07-08 05:11:48 +01:00

3 Commits