  1. AMQ Streams
  2. ENTMQST-4272

Use FIPS compatible SecureRandom implementation


    • Task
    • Resolution: Done
    • Undefined
    • 2.4.0.GA

      Strimzi currently always defaults to SHA1PRNG as the secure random implementation in Kafka brokers. This is however not compatible with FIPS OpenJDK. So we need to decide how to handle it.

      Apparently, SHA1PRNG provides better performance than NativePRNG which is blocking. It also used to be recommended by Kafka.

      I think we have several options:

      • Detect the FIPS mode and set SHA1PRNG only when we are running on NON-FIPS or when FIPS_MODE is disabled.
      • Not set secure.random at all anywhere and make it user configurable
      • Find some better supported Secure Random which would work in FIPS
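A sketch of the first option, added here as an example; it is not Strimzi code and not the reporter's. It assumes FIPS is detected from the Linux kernel flag `/proc/sys/crypto/fips_enabled`, that `FIPS_MODE=disabled` is the opt-out value, and that the broker property involved is Kafka's `ssl.secure.random.implementation`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Strimzi code): emit the SHA1PRNG broker property only
# when the broker is NOT expected to run with a FIPS-mode JVM.

# fips_active FIPS_MODE_VALUE [FLAG_FILE]
# Returns 0 when the broker should be treated as running in FIPS mode.
# FLAG_FILE defaults to the kernel flag; it is a parameter so the logic
# can be exercised against constructed files.
fips_active() {
    mode=$1
    flag_file=${2:-/proc/sys/crypto/fips_enabled}

    # Explicit opt-out (assumed value "disabled") wins over host detection.
    case "$mode" in
        disabled|DISABLED) return 1 ;;
    esac

    # No readable flag file: the host is not in FIPS mode.
    [ -r "$flag_file" ] || return 1

    # The kernel writes "1" when FIPS mode is enabled, "0" otherwise.
    flag=$(tr -d '[:space:]' < "$flag_file")
    [ "$flag" = "1" ]
}

# secure_random_line FIPS_MODE_VALUE [FLAG_FILE]
# Prints the property to append to the broker configuration, or nothing
# when the JVM default SecureRandom should be used.
secure_random_line() {
    if fips_active "$@"; then
        # FIPS: leave the property unset so a FIPS-approved generator
        # supplied by the JVM's provider configuration is used.
        return 0
    fi
    echo "ssl.secure.random.implementation=SHA1PRNG"
}

# Decision for the current host and environment.
secure_random_line "${FIPS_MODE:-}"
```

Leaving the property unset on FIPS hosts, rather than naming a replacement algorithm, avoids pinning a generator that the active FIPS provider may not offer.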

              Unassigned
              scholzj Jakub Scholz
              Lukas Kral