Loading...

Linking RHIVOS CVEs to...

Migration: Automation ...

SWIFT: POC Conversion

Sync from "Extern...

XML

Word

Printable

Type: Bug
Resolution: Won't Do
Priority: Undefined
Fix Version/s: None
Affects Version/s: rhel-8.3.0, rhel-8.8.0
Component/s: java-1.8.0-openjdk
Labels:
- MigratedToJIRA
- auto-closed

Regression:
None
Severity:
None
Epic Link:
RHELPLAN-112651

AssignedTeam:
rhel-sst-java

Story Points:
None
Blocked:
False
Ready:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
None
Sprint:
None

Preliminary Testing:
None
Test Coverage:
None

Release Note Type:
If docs needed, set a value

Experience:
Architecture:

Unspecified
Bugzilla Bug:
RHBZ: 1940063

PX Impact Score:
PX Priority Data:
PX Review Complete:
SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None
Internal Target Milestone numeric:
57,005

When OpenJDK is configured in FIPS mode, the XML Signature provider is currently disabled, and the keystore type must be PKCS11 (/etc/pki/nssdb is used, in read-only mode).

This is not compatible with some 3rd party applications.

For example, it leads to the following error running Jenkins on RHEL in FIPs mode:

java.security.KeyStoreException: FIPS mode: KeyStore must be from provider SunPKCS11-NSS-FIPS

is blocked by

RHEL-3423 Enable the export of keys in plain from the NSS Software Token while in FIPS mode [rhel-8, openjdk-11]

Closed

RHEL-3497 Add missing attributes when registering services in FIPS mode [rhel-8, openjdk-11]

Closed

external trackers

Red Hat Customer Portal 02887534

Red Hat Issue Tracker RHELPLAN-71027

Assignee:: Francisco Ferrari Bihurriet

Reporter:: Michael Millson

Developer:: Francisco Ferrari Bihurriet

QA Contact:: David Kutalek

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Created:: 2023/09/12 9:50 PM

Updated:: 2025/03/14 4:35 PM

Resolved:: 2025/03/14 4:34 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates