-
Bug
-
Resolution: Done
-
Major
-
None
-
7.4.0.Beta
-
None
-
False
-
False
-
-
-
-
-
-
Undefined
-
Recently TLSv.1.1 has been disabled on most of the JDKs we use to test FIPS for EAP;
Our 7.4 documentation still suggests using TLSv1.1: https://access.redhat.com/login?redirectTo=https%3A%2F%2Faccess.redhat.com%2Fdocumentation%2Fen-us%2Fred_hat_jboss_enterprise_application_platform%2F7.4-beta%2Fhtml-single%2Fhow_to_configure_server_security%2Findex%23fips_compliant_cryptography;
This should be reflected in documentation in order to give customers indications on how-to setup FIPS with TLSv1.2 (or higher?) and Oracle JDK;
In particular TLSv.1.1 has been disabled on the following Oracle JDKs:
Oracle JDK
Oracle JDK 8: windows jdk1.8.0_291
jre/lib/security/java.security
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
include jdk.disabled.namedCurves
Oracle JDK 8: jdk1.8.0_291
jre/lib/security/java.security
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
include jdk.disabled.namedCurves
Oracle JDK 11 for RHEL: jdk-11.0.11
conf/security/java.security
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
include jdk.disabled.namedCurves
Oracle JDK 11 for Windows: windows jdk-11.0.11
conf/security/java.security
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
include jdk.disabled.namedCurves
- is related to
-
-
- Closed
-
- relates to
-
-
- Closed
-
-
-
- Closed
-