-
Bug
-
Resolution: Unresolved
-
Undefined
-
None
-
rhel-9.0.0
This bug was initially created as a copy of Bug #2020290
I am copying this bug because:
RHEL 9 needs to be kept in sync.
When OpenJDK runs on a FIPS-configured system, TLS 1.3 (implemented in the SunJSSE security provider) is disabled both on the server and client sides (RH1860986). The reason is that the PKCS#11 key derivation mechanism for TLS 1.3 is not supported in the SunPKCS11 security provider; and the SunJSSE code for key derivation would require to import plain secret keys into an NSS Software Token (blocked by RH1991003).
The goal of this task is to implement a solution to re-enable TLS 1.3 on both server and client sides when OpenJDK runs in FIPS mode.
- is blocked by
-
RHEL-3425 Enable the export of keys in plain from the NSS Software Token while in FIPS mode [rhel-9, openjdk-8]
- Planning
- external trackers