WildFly Core / WFCORE-2384

Elytron subsystem is unable to configure com.sun.net.ssl.internal.ssl.Provider in FIPS mode


    • Type: Bug
    • Resolution: Done
    • Priority: Blocker
    • 3.0.0.Beta11
    • None
    • Security
    • None

      Trying to configure server to run in FIPS mode using subsystem capabilities.

      I can't configure through the subsystem the same as in the java.security file:

      java.security
      security.provider.5=com.sun.net.ssl.internal.ssl.Provider  SunPKCS11-testPkcs
      

      because there is no possibility in the subsystem to call a provider constructor with arguments (I don't mean provider configuration).

      The subsystem implements provider loading in 2 steps:

      • create provider instance (call noargs constructor)
      • optionally load configuration

      But to create com.sun.net.ssl.internal.ssl.Provider in FIPS mode, a constructor with arguments must be called [1]

      [1] http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/8u40-b25/com/sun/net/ssl/internal/ssl/Provider.java#49
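
      The gap described in this report, as an added example that is not part of the original issue and is not Elytron's own code: a reflective loader that supports only the no-arg constructor cannot reach a mode that is selected by a constructor argument. `DemoProvider`, `load` and `ProviderCtorDemo` are hypothetical names; `DemoProvider` is a constructed stand-in for a provider whose mode depends on its constructor argument.

```java
import java.lang.reflect.Constructor;
import java.security.Provider;

public class ProviderCtorDemo {

    // Constructed stand-in: the mode is fixed at construction time and
    // cannot be changed by configuration applied afterwards.
    public static class DemoProvider extends Provider {
        private static final long serialVersionUID = 1L;

        public DemoProvider() {
            this((String) null);
        }

        public DemoProvider(String cryptoProvider) {
            super("Demo", 1.0,
                  cryptoProvider == null ? "non-FIPS" : "FIPS via " + cryptoProvider);
        }
    }

    // Hypothetical loader. With ctorArg == null it does what the report says the
    // subsystem does (no-arg constructor only). With an argument it looks up the
    // single-String constructor, which is the capability the report asks for.
    static Provider load(String className, String ctorArg)
            throws ReflectiveOperationException {
        Class<? extends Provider> type =
                Class.forName(className).asSubclass(Provider.class);
        if (ctorArg == null) {
            return type.getDeclaredConstructor().newInstance();
        }
        Constructor<? extends Provider> ctor = type.getConstructor(String.class);
        return ctor.newInstance(ctorArg);
    }

    public static void main(String[] args) throws Exception {
        String name = DemoProvider.class.getName();
        // No-arg path: the provider comes up in its default mode.
        System.out.println(load(name, null).getInfo());
        // Argument path, using the token from the java.security line above.
        System.out.println(load(name, "SunPKCS11-testPkcs").getInfo());
    }
}
```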

            darran.lofthouse@redhat.com Darran Lofthouse
            mchoma@redhat.com Martin Choma