java-11-openjdk

rpms

java-11-openjdk

Fork 0

Commit Graph

Author	SHA1	Message	Date
Francisco Ferrari Bihurriet	ecd7dd9860	RH2007331: SecretKey generate/import operations don't add the CKA_SIGN attribute in FIPS mode Use SunPKCS11 Attributes Configuration to set CKA_SIGN=true on SecretKey generate/import operations in FIPS mode, see: https://docs.oracle.com/en/java/javase/11/security/pkcs11-reference-guide1.html#GUID-C4ABFACB-B2C9-4E71-A313-79F881488BB9__PKCS11-ATTRIBUTES-CONFIGURATION Resolves: rhbz#2102434	2022-07-08 03:39:33 +01:00
Andrew John Hughes	0fd8f1db3f	Use 'sql:' prefix in nss.fips.cfg Fedora 35 and better no longer ship the legacy secmod.db file as part of the nss package. Explicitly tell OpenJDK to use sqlite-based sec mode. Resolves: rhbz#2023535	2021-12-02 02:39:26 +00:00
Andrew Hughes	e4c9f84506	Support the FIPS mode crypto policy (RH1655466) Update RH1655466 FIPS patch with changes in OpenJDK 8 version. SunPKCS11 runtime provider name is a concatenation of "SunPKCS11-" and the name in the config file. Change nss.fips.cfg config name to "NSS-FIPS" to avoid confusion with nss.cfg. No need to substitute path to nss.fips.cfg as java.security file supports a java.home variable. Disable FIPS mode support unless com.redhat.fips is set to "true". Use appropriate keystore types when in FIPS mode (RH1818909) Enable alignment with FIPS crypto policy by default (-Dcom.redhat.fips=false to disable). Disable TLSv1.3 when the FIPS crypto policy and the NSS-FIPS provider are in use (RH1860986) Add explicit runtime dependency on NSS for the PKCS11 provider in FIPS mode Move setup of JavaSecuritySystemConfiguratorAccess to Security class so it always occurs (RH1915071) Resolves: rhbz#1971689	2021-07-06 19:00:18 +01:00

Author

SHA1

Message

Date

Francisco Ferrari Bihurriet

ecd7dd9860

RH2007331: SecretKey generate/import operations don't add the CKA_SIGN attribute in FIPS mode

Use SunPKCS11 Attributes Configuration to set CKA_SIGN=true on SecretKey generate/import operations in FIPS mode, see:
https://docs.oracle.com/en/java/javase/11/security/pkcs11-reference-guide1.html#GUID-C4ABFACB-B2C9-4E71-A313-79F881488BB9__PKCS11-ATTRIBUTES-CONFIGURATION

Resolves: rhbz#2102434

2022-07-08 03:39:33 +01:00

Andrew John Hughes

0fd8f1db3f

Use 'sql:' prefix in nss.fips.cfg

Fedora 35 and better no longer ship the legacy
secmod.db file as part of the nss package. Explicitly
tell OpenJDK to use sqlite-based sec mode.

Resolves: rhbz#2023535

2021-12-02 02:39:26 +00:00

Andrew Hughes

e4c9f84506

Support the FIPS mode crypto policy (RH1655466)

Update RH1655466 FIPS patch with changes in OpenJDK 8 version.
SunPKCS11 runtime provider name is a concatenation of "SunPKCS11-" and the name in the config file.
Change nss.fips.cfg config name to "NSS-FIPS" to avoid confusion with nss.cfg.
No need to substitute path to nss.fips.cfg as java.security file supports a java.home variable.
Disable FIPS mode support unless com.redhat.fips is set to "true".
Use appropriate keystore types when in FIPS mode (RH1818909)
Enable alignment with FIPS crypto policy by default (-Dcom.redhat.fips=false to disable).
Disable TLSv1.3 when the FIPS crypto policy and the NSS-FIPS provider are in use (RH1860986)
Add explicit runtime dependency on NSS for the PKCS11 provider in FIPS mode
Move setup of JavaSecuritySystemConfiguratorAccess to Security class so it always occurs (RH1915071)

Resolves: rhbz#1971689

2021-07-06 19:00:18 +01:00

3 Commits