Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: None
Affects Version/s: 7.4.0.Beta
Component/s: Documentation, Security
Labels:
None

Blocked:
False
Ready:
False
CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
Release Note Text:
Undefined
Target Release:

7.backlog.GA
Market:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Recently TLSv.1.1 has been disabled on most of the JDKs we use to test FIPS for EAP: https://bugs.openjdk.java.net/browse/JDK-8254713;

Our 7.4 documentation still suggests using TLSv1.1: https://access.redhat.com/login?redirectTo=https%3A%2F%2Faccess.redhat.com%2Fdocumentation%2Fen-us%2Fred_hat_jboss_enterprise_application_platform%2F7.4-beta%2Fhtml-single%2Fhow_to_configure_server_security%2Findex%23fips_compliant_cryptography;

This should be reflected in documentation in order to give customers indications on how-to setup FIPS with TLSv1.2 (or higher?) and OpenJDK;

In particular TLSv.1.1 has been disabled on OpenJDKs:

OpenJDK

OpenJDK 8 for RHEL: openjdk-1.8.0.292.b10

jre/lib/security/java.security

jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
    DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
    include jdk.disabled.namedCurves

OpenJDK 8 for Windows: windows java-1.8.0-openjdk-1.8.0.292-1.b10.redhat.windows.x86_64

jre/lib/security/java.security

jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
    DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
    include jdk.disabled.namedCurves

OpenJDK 11 for RHEL: openjdk-11.0.11.0.9

conf/security/java.security

jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
    DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
    include jdk.disabled.namedCurves

OpenJDK 11 for Windows: windows java-11-openjdk-11.0.11.9-1.windows.redhat.x86_64

conf/security/java.security

jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
    DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
    include jdk.disabled.namedCurves

is related to

JBEAP-21943 FIPS: TLSv1.1 has been disabled on Oracle JDK

Closed

JBEAP-21944 FIPS: TLSv1.1 has been disabled on AdoptOpen JDK for Linux

Closed

relates to

JBEAP-21941 FIPS: TLSv1.1 has been disabled on most JDKs

Closed

Assignee:: Nicole Baratta

Reporter:: Tommaso Borgato

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2021/05/19 8:25 AM

Updated:: 2022/09/09 6:19 AM

Resolved:: 2021/06/07 12:36 PM

Details

Description

OpenJDK

OpenJDK 8 for RHEL: openjdk-1.8.0.292.b10

OpenJDK 8 for Windows: windows java-1.8.0-openjdk-1.8.0.292-1.b10.redhat.windows.x86_64

OpenJDK 11 for RHEL: openjdk-11.0.11.0.9

OpenJDK 11 for Windows: windows java-11-openjdk-11.0.11.9-1.windows.redhat.x86_64

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates