Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Undefined
Fix Version/s: None
Affects Version/s: rhel-9.0.0
Component/s: java-1.8.0-openjdk
Labels:
- MigratedToJIRA
- Triaged

Epic Link:
RHELPLAN-104921

Pool Team:

sst_java

Story Points:
None
Blocked:
False
Blocked Reason:

Hide

None

Show
None

Preliminary Testing:
None

Release Note Type:
If docs needed, set a value

Experience:
Architecture:

Unspecified
Bugzilla Bug:
RHBZ: 2029668

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

This bug was initially created as a copy of Bug #2020290

I am copying this bug because:

RHEL 9 needs to be kept in sync.

When OpenJDK runs on a FIPS-configured system, TLS 1.3 (implemented in the SunJSSE security provider) is disabled both on the server and client sides (RH1860986). The reason is that the PKCS#11 key derivation mechanism for TLS 1.3 is not supported in the SunPKCS11 security provider; and the SunJSSE code for key derivation would require to import plain secret keys into an NSS Software Token (blocked by RH1991003).

The goal of this task is to implement a solution to re-enable TLS 1.3 on both server and client sides when OpenJDK runs in FIPS mode.

is blocked by

RHEL-3425 Enable the export of keys in plain from the NSS Software Token while in FIPS mode [rhel-9, openjdk-8]

Planning

external trackers

openjdk bug system JDK-8278640

Red Hat Issue Tracker RHELPLAN-104933

Assignee:: Martin Balao

Reporter:: Andrew Hughes

Developer:: Martin Balao

QA Contact:: David Kutalek

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2023/09/12 10:13 PM

Updated:: 2024/01/31 1:39 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates