Bug
Resolution: Done
Critical
7.1.0.DR19
In Elytron/Elytron subsystem, there are advanced features which are based on providing custom KeyManager / TrustManager implementations.
However, these features won't work in FIPS mode, as OpenJDK/Oracle JDK in FIPS mode restricts usage to the standard JDK KeyManager [1] / TrustManager [2] implementations only.
Please revisit these implementations to see whether they could be implemented in a "FIPS-compliant way". If this ends up as a documentation JIRA, developers' help will be needed to identify and describe these advanced features for documentation purposes.
I kick off this issue as Blocker failing EAP7-274 in case something can be done on EAP side.
I have identified that these classes are involved:
Elytron
final class ConfigurationKeyManager extends X509ExtendedKeyManager {
class SecurityDomainTrustManager extends X509ExtendedTrustManager {
final class WrappingX509ExtendedTrustManager extends X509ExtendedTrustManager implements X509TrustManager {
public final class X509CRLExtendedTrustManager extends X509ExtendedTrustManager {
Elytron subsystem
private static class DelegatingKeyManager extends X509ExtendedKeyManager {
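A small probe for the restriction described in this issue, added here as an illustration and not taken from Elytron or from the JIRA: it wraps a JDK-provided key manager in a delegating X509ExtendedKeyManager and reports whether the running JDK's SSLContext accepts it. The names CustomKeyManagerProbe and ProbeKeyManager are hypothetical, and the probe assumes the default KeyManagerFactory can be initialized without a key store.

```java
import java.net.Socket;
import java.security.KeyManagementException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.X509ExtendedKeyManager;

public class CustomKeyManagerProbe {
    // Hypothetical delegating wrapper, the same shape as the key managers listed in the issue.
    static final class ProbeKeyManager extends X509ExtendedKeyManager {
        private final X509ExtendedKeyManager d;
        ProbeKeyManager(X509ExtendedKeyManager d) { this.d = d; }
        @Override public String[] getClientAliases(String t, Principal[] i) { return d.getClientAliases(t, i); }
        @Override public String chooseClientAlias(String[] t, Principal[] i, Socket s) { return d.chooseClientAlias(t, i, s); }
        @Override public String[] getServerAliases(String t, Principal[] i) { return d.getServerAliases(t, i); }
        @Override public String chooseServerAlias(String t, Principal[] i, Socket s) { return d.chooseServerAlias(t, i, s); }
        @Override public X509Certificate[] getCertificateChain(String a) { return d.getCertificateChain(a); }
        @Override public PrivateKey getPrivateKey(String a) { return d.getPrivateKey(a); }
    }

    // Returns null if the JDK accepted the wrapper, otherwise the rejection message.
    static String probe() throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(null, null); // no key material needed: only type acceptance is tested
        X509ExtendedKeyManager jdkKm = null;
        for (KeyManager km : kmf.getKeyManagers()) {
            if (km instanceof X509ExtendedKeyManager) { jdkKm = (X509ExtendedKeyManager) km; break; }
        }
        if (jdkKm == null) throw new IllegalStateException("JDK factory returned no X509ExtendedKeyManager");
        SSLContext ctx = SSLContext.getInstance("TLS");
        try {
            // Default trust managers and SecureRandom, so only the key manager type varies.
            ctx.init(new KeyManager[] { new ProbeKeyManager(jdkKm) }, null, null);
            return null;
        } catch (KeyManagementException e) {
            return e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        String rejection = probe();
        System.out.println(rejection == null
                ? "custom KeyManager accepted"
                : "custom KeyManager rejected: " + rejection);
    }
}
```

Running it once on a JDK in its default configuration and once on the FIPS-configured JDK shows whether the deployment is affected before any Elytron feature that relies on these classes is enabled.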