rpms/java-1.8.0-openjdk
7
0
Fork 0
Code Issues Pull Requests Releases Activity
da15b5d337
java-1.8.0-openjdk/nss.fips.cfg.in
Andrew Hughes da15b5d337 Support the FIPS mode crypto policy. 
Backport FIPS mode patch to java-1.8.0-openjdk, simplifying provider removal.
nss.fips.cfg needs to be moved to %%{etcjavadir} and symlinked into the JDK, like nss.cfg
SunPKCS11 runtime provider name is a concatenation of "SunPKCS11-" and the name in the config file.
Change nss.fips.cfg config name to "NSS-FIPS" to avoid confusion with nss.cfg.
Disable FIPS mode support unless com.redhat.fips is set to "true".
Add JDK-8195607/PR3776 to support NSS SQLite databases.
Use appropriate keystore types when in FIPS mode (RH1760838)
Enable alignment with FIPS crypto policy by default (-Dcom.redhat.fips=false to disable).
Disable TLSv1.3 when using the NSS-FIPS provider (RH1860986)
Move setup of JavaSecuritySystemConfiguratorAccess to Security class so it always occurs (RH1906862)
Add explicit runtime dependency on NSS for the PKCS11 provider in FIPS mode

Resolves: rhbz#1971696
2021-07-08 05:11:48 +01:00

7 lines
124 B
INI
Raw Blame History

name = NSS-FIPS
nssLibraryDirectory = @NSS_LIBDIR@
nssSecmodDirectory = @NSS_SECMOD@
nssDbMode = readOnly
nssModule = fips
Reference in New Issue View Git Blame Copy Permalink