-
Bug
-
Resolution: Done
-
Major
-
None
-
7.4.0.Beta
-
None
-
False
-
False
-
-
-
-
-
-
Undefined
-
Recently TLSv.1.1 has been disabled on most of the JDKs we use to test FIPS for EAP;
Our 7.4 documentation still suggests using TLSv1.1: https://access.redhat.com/login?redirectTo=https%3A%2F%2Faccess.redhat.com%2Fdocumentation%2Fen-us%2Fred_hat_jboss_enterprise_application_platform%2F7.4-beta%2Fhtml-single%2Fhow_to_configure_server_security%2Findex%23fips_compliant_cryptography;
This should be reflected in documentation in order to give customers indications on how-to setup FIPS with TLSv1.2 (or higher?) and AdoptOpen JDK for Linux;
here is the list of AdoptOpen JDK with indication on which are affected and which are not:
AdoptOpen
AdoptOpen JDK 11: adoptopenjdk11.0.11.openj9
conf/security/java.security
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
include jdk.disabled.namedCurves
AdoptOpen JDK 8: windows jdk8u242-b08_openj9-0.18.1
jre/lib/security/java.security TLSv1.1 NOT DISABLED!!!!!!!!!!!!!
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
EC keySize < 224, 3DES_EDE_CBC, anon, NULL
AdoptOpen JDK 8: adoptopenjdk1.8.292.openj9
jre/lib/security/java.security
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
include jdk.disabled.namedCurves
- relates to
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-