-
Bug
-
Resolution: Won't Do
-
Undefined
-
None
-
rhel-9.3.0
-
None
-
Important
-
rhel-sst-java
-
None
-
False
-
False
-
-
None
-
Red Hat Enterprise Linux
-
None
-
None
-
None
-
x86_64
-
None
What were you trying to do that didn't work?
Performing a Get request on `https://github.com` fails with the following error message: ssl.SSLException: java.security.NoSuchProviderException: no such provider: SunEC.
Please provide the package NVR for which bug is seen:
java-11-openjdk-headless-11.0.22.0.7-2.el9.x86_64
How reproducible:
Every time
Steps to reproduce
- Create a FIPS enabled VM (setting `-Dcom.redhat.fips=true` has no effect)
- Install Docker
- Download the java-fips-issue.tar
attachment file containing the PoC - Run `docker build -t fips-issue .`
- Run the container using `docker run -d -p 8080:8080 fips-issue`
- Run `curl --location 'http://localhost:8080/download' --header 'Content-Type: application/json' --data '{"repoUrl": "https://api.github.com/repos/ichinna/fips-poc/zipball"}'`
- Inspect container logs
Expected results
The Get request should work as expected
Actual results
The get request fails with the following error message: ssl.SSLException: java.security.NoSuchProviderException: no such provider: SunEC
Notes
- This issue started happening recently without any component changes in our container
- We managed to find a temporary workaround for this issue by manually adding the GitHub certificate inside our trusted store, eliminating the need for SunEC.
- Passing `-Dcom.redhat.fips=false` to the java options also fixes this issue.
