Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-3428

Support TLS 1.3 in FIPS mode [rhel-9, openjdk-11]

    XMLWordPrintable

Details

    • Assignee, Qa Contact, Doc Contact, Pool Team, Watchers, Developer
    • sst_java
    • False
    • Hide

      None

      Show
      None
    • Unspecified
    • If docs needed, set a value
    • Unspecified

    Description

      This bug was initially created as a copy of Bug #2020290

      I am copying this bug because:

      RHEL 9 needs to be kept in sync.

      When OpenJDK runs on a FIPS-configured system, TLS 1.3 (implemented in the SunJSSE security provider) is disabled both on the server and client sides (RH1860986). The reason is that the PKCS#11 key derivation mechanism for TLS 1.3 is not supported in the SunPKCS11 security provider; and the SunJSSE code for key derivation would require to import plain secret keys into an NSS Software Token (blocked by RH1991003).

      The goal of this task is to implement a solution to re-enable TLS 1.3 on both server and client sides when OpenJDK runs in FIPS mode.

      Attachments

        Issue Links

          is blocked by

          Bug - A problem which impairs or prevents the functions of the product. RHEL-3424 Enable the export of keys in plain from the NSS Software Token while in FIPS mode [rhel-9, openjdk-11]

          • Undefined - Priority not specified.
          • Planning
          external trackers

          Web Link Github rh-openjdk/jdk11u/pull/7

          Web Link openjdk bug system JDK-8278640

          Web Link Red Hat Issue Tracker RHELPLAN-104931

          Activity

            People

              fferrari@redhat.com Francisco Ferrari Bihurriet
              rhn-engineering-ahughes Andrew Hughes
              java-qa java-qa
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated: