Adapted patches to jdk16
- added pr3695-toggle_system_crypto_policy.patch ; missing prerequisity - removed rh1655466-global_crypto_and_fips.patch; jdk16 do not have default algorithm, it throws exception - adapted rh1655466-global_crypto_and_fips.patch - adapted rh1860986-disable_tlsv1.3_in_fips_mode.patch (?) - adapted rh1915071-always_initialise_configurator_access.patch
This commit is contained in:
parent
680e1acb05
commit
d6438d977f
@ -1171,8 +1171,7 @@ Patch3: rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk1
|
|||||||
Patch4: pr3183-rh1340845-support_fedora_rhel_system_crypto_policy.patch
|
Patch4: pr3183-rh1340845-support_fedora_rhel_system_crypto_policy.patch
|
||||||
# Depend on pcs-lite-libs instead of pcs-lite-devel as this is only in optional repo
|
# Depend on pcs-lite-libs instead of pcs-lite-devel as this is only in optional repo
|
||||||
Patch6: rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch
|
Patch6: rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch
|
||||||
# RH1582504: Use RSA as default for keytool, as DSA is disabled in all crypto policies except LEGACY
|
Patch7: pr3695-toggle_system_crypto_policy.patch
|
||||||
Patch1003: rh1842572-rsa_default_for_keytool.patch
|
|
||||||
|
|
||||||
# FIPS support patches
|
# FIPS support patches
|
||||||
# RH1655466: Support RHEL FIPS mode using SunPKCS11 provider
|
# RH1655466: Support RHEL FIPS mode using SunPKCS11 provider
|
||||||
@ -1539,13 +1538,13 @@ pushd %{top_level_dir_name}
|
|||||||
%patch3 -p1
|
%patch3 -p1
|
||||||
%patch4 -p1
|
%patch4 -p1
|
||||||
%patch6 -p1
|
%patch6 -p1
|
||||||
|
%patch7 -p1
|
||||||
popd # openjdk
|
popd # openjdk
|
||||||
|
|
||||||
%patch1000
|
%patch1000
|
||||||
%patch600
|
%patch600
|
||||||
%patch1001
|
%patch1001
|
||||||
%patch1002
|
%patch1002
|
||||||
%patch1003
|
|
||||||
%patch1004
|
%patch1004
|
||||||
%patch1007
|
%patch1007
|
||||||
|
|
||||||
@ -2259,7 +2258,12 @@ cjc.mainProgram(args)
|
|||||||
%changelog
|
%changelog
|
||||||
* Tue Jun 29 2021 Jiri Vanek <jvanek@redhat.com> -1:16.0.1.0.9-5.rolling
|
* Tue Jun 29 2021 Jiri Vanek <jvanek@redhat.com> -1:16.0.1.0.9-5.rolling
|
||||||
- renamed source15 to source17 to match el8
|
- renamed source15 to source17 to match el8
|
||||||
- added fips support
|
- added fips support:
|
||||||
|
- added pr3695-toggle_system_crypto_policy.patch ; missing prerequisity
|
||||||
|
- removed rh1655466-global_crypto_and_fips.patch; jdk16 do not have default algorithm, it throws exception
|
||||||
|
- adapted rh1655466-global_crypto_and_fips.patch
|
||||||
|
- adapted rh1860986-disable_tlsv1.3_in_fips_mode.patch (?)
|
||||||
|
- adapted rh1915071-always_initialise_configurator_access.patch
|
||||||
|
|
||||||
* Thu Jun 17 2021 Petra Alice Mikova <pmikova@redhat.com> - 1:16.0.1.0.9-4.rolling
|
* Thu Jun 17 2021 Petra Alice Mikova <pmikova@redhat.com> - 1:16.0.1.0.9-4.rolling
|
||||||
- fix patch rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch which made the SunPKCS provider show up again
|
- fix patch rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch which made the SunPKCS provider show up again
|
||||||
|
78
pr3695-toggle_system_crypto_policy.patch
Normal file
78
pr3695-toggle_system_crypto_policy.patch
Normal file
@ -0,0 +1,78 @@
|
|||||||
|
# HG changeset patch
|
||||||
|
# User andrew
|
||||||
|
# Date 1545198926 0
|
||||||
|
# Wed Dec 19 05:55:26 2018 +0000
|
||||||
|
# Node ID f2cbd688824c128db7fa848c8732fb0ab3507776
|
||||||
|
# Parent 81f07f6d1f8b7b51b136d3974c61bc8bb513770c
|
||||||
|
PR3695: Allow use of system crypto policy to be disabled by the user
|
||||||
|
Summary: Read user overrides first so security.useSystemPropertiesFile can be disabled and add -Djava.security.disableSystemPropertiesFile
|
||||||
|
|
||||||
|
diff --git a/src/java.base/share/classes/java/security/Security.java b/src/java.base/share/classes/java/security/Security.java
|
||||||
|
--- a/src/java.base/share/classes/java/security/Security.java
|
||||||
|
+++ b/src/java.base/share/classes/java/security/Security.java
|
||||||
|
@@ -125,31 +125,6 @@
|
||||||
|
}
|
||||||
|
|
||||||
|
if ("true".equalsIgnoreCase(props.getProperty
|
||||||
|
- ("security.useSystemPropertiesFile"))) {
|
||||||
|
-
|
||||||
|
- // now load the system file, if it exists, so its values
|
||||||
|
- // will win if they conflict with the earlier values
|
||||||
|
- try (BufferedInputStream bis =
|
||||||
|
- new BufferedInputStream(new FileInputStream(SYSTEM_PROPERTIES))) {
|
||||||
|
- props.load(bis);
|
||||||
|
- loadedProps = true;
|
||||||
|
-
|
||||||
|
- if (sdebug != null) {
|
||||||
|
- sdebug.println("reading system security properties file " +
|
||||||
|
- SYSTEM_PROPERTIES);
|
||||||
|
- sdebug.println(props.toString());
|
||||||
|
- }
|
||||||
|
- } catch (IOException e) {
|
||||||
|
- if (sdebug != null) {
|
||||||
|
- sdebug.println
|
||||||
|
- ("unable to load security properties from " +
|
||||||
|
- SYSTEM_PROPERTIES);
|
||||||
|
- e.printStackTrace();
|
||||||
|
- }
|
||||||
|
- }
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- if ("true".equalsIgnoreCase(props.getProperty
|
||||||
|
("security.overridePropertiesFile"))) {
|
||||||
|
|
||||||
|
String extraPropFile = System.getProperty
|
||||||
|
@@ -215,6 +190,33 @@
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
+ String disableSystemProps = System.getProperty("java.security.disableSystemPropertiesFile");
|
||||||
|
+ if (disableSystemProps == null &&
|
||||||
|
+ "true".equalsIgnoreCase(props.getProperty
|
||||||
|
+ ("security.useSystemPropertiesFile"))) {
|
||||||
|
+
|
||||||
|
+ // now load the system file, if it exists, so its values
|
||||||
|
+ // will win if they conflict with the earlier values
|
||||||
|
+ try (BufferedInputStream bis =
|
||||||
|
+ new BufferedInputStream(new FileInputStream(SYSTEM_PROPERTIES))) {
|
||||||
|
+ props.load(bis);
|
||||||
|
+ loadedProps = true;
|
||||||
|
+
|
||||||
|
+ if (sdebug != null) {
|
||||||
|
+ sdebug.println("reading system security properties file " +
|
||||||
|
+ SYSTEM_PROPERTIES);
|
||||||
|
+ sdebug.println(props.toString());
|
||||||
|
+ }
|
||||||
|
+ } catch (IOException e) {
|
||||||
|
+ if (sdebug != null) {
|
||||||
|
+ sdebug.println
|
||||||
|
+ ("unable to load security properties from " +
|
||||||
|
+ SYSTEM_PROPERTIES);
|
||||||
|
+ e.printStackTrace();
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
if (!loadedProps) {
|
||||||
|
initializeStatic();
|
||||||
|
if (sdebug != null) {
|
@ -197,7 +197,7 @@ diff --git openjdk.orig///src/java.base/share/conf/security/java.security openjd
|
|||||||
+fips.provider.1=SunPKCS11 ${java.home}/conf/security/nss.fips.cfg
|
+fips.provider.1=SunPKCS11 ${java.home}/conf/security/nss.fips.cfg
|
||||||
+fips.provider.2=SUN
|
+fips.provider.2=SUN
|
||||||
+fips.provider.3=SunEC
|
+fips.provider.3=SunEC
|
||||||
+fips.provider.4=com.sun.net.ssl.internal.ssl.Provider SunPKCS11-NSS-FIPS
|
+fips.provider.4=SunJSSE SunPKCS11-NSS-FIPS
|
||||||
+
|
+
|
||||||
+#
|
+#
|
||||||
# A list of preferred providers for specific algorithms. These providers will
|
# A list of preferred providers for specific algorithms. These providers will
|
||||||
|
@ -1,12 +0,0 @@
|
|||||||
diff --git openjdk.orig/src/java.base/share/classes/sun/security/tools/keytool/Main.java openjdk/src/java.base/share/classes/sun/security/tools/keytool/Main.java
|
|
||||||
--- openjdk.orig/src/java.base/share/classes/sun/security/tools/keytool/Main.java
|
|
||||||
+++ openjdk/src/java.base/share/classes/sun/security/tools/keytool/Main.java
|
|
||||||
@@ -1135,7 +1135,7 @@
|
|
||||||
}
|
|
||||||
} else if (command == GENKEYPAIR) {
|
|
||||||
if (keyAlgName == null) {
|
|
||||||
- keyAlgName = "DSA";
|
|
||||||
+ keyAlgName = "RSA";
|
|
||||||
}
|
|
||||||
doGenKeyPair(alias, dname, keyAlgName, keysize, groupName, sigAlgName);
|
|
||||||
kssave = true;
|
|
@ -160,20 +160,28 @@ diff -r bbc65dfa59d1 src/java.base/share/classes/jdk/internal/misc/JavaSecurityS
|
|||||||
+public interface JavaSecuritySystemConfiguratorAccess {
|
+public interface JavaSecuritySystemConfiguratorAccess {
|
||||||
+ boolean isSystemFipsEnabled();
|
+ boolean isSystemFipsEnabled();
|
||||||
+}
|
+}
|
||||||
diff -r bbc65dfa59d1 src/java.base/share/classes/jdk/internal/misc/SharedSecrets.java
|
diff -r bbc65dfa59d1 src/java.base/share/classes/jdk/internal/access/SharedSecrets.java
|
||||||
--- openjdk/src/java.base/share/classes/jdk/internal/misc/SharedSecrets.java Thu Jan 23 18:22:31 2020 -0300
|
--- openjdk/src/java.base/share/classes/jdk/internal/access/SharedSecrets.java Thu Jan 23 18:22:31 2020 -0300
|
||||||
+++ openjdk/src/java.base/share/classes/jdk/internal/misc/SharedSecrets.java Sat Aug 01 23:16:51 2020 -0300
|
+++ openjdk/src/java.base/share/classes/jdk/internal/access/SharedSecrets.java Sat Aug 01 23:16:51 2020 -0300
|
||||||
|
@@ -38,6 +38,7 @@
|
||||||
|
import java.io.RandomAccessFile;
|
||||||
|
import java.security.ProtectionDomain;
|
||||||
|
import java.security.Signature;
|
||||||
|
+import jdk.internal.misc.JavaSecuritySystemConfiguratorAccess;
|
||||||
|
|
||||||
|
/** A repository of "shared secrets", which are a mechanism for
|
||||||
|
calling implementation-private methods in another package without
|
||||||
@@ -76,6 +76,7 @@
|
@@ -76,6 +76,7 @@
|
||||||
private static JavaIORandomAccessFileAccess javaIORandomAccessFileAccess;
|
private static JavaSecurityAccess javaSecurityAccess;
|
||||||
private static JavaSecuritySignatureAccess javaSecuritySignatureAccess;
|
private static JavaSecuritySignatureAccess javaSecuritySignatureAccess;
|
||||||
private static JavaxCryptoSealedObjectAccess javaxCryptoSealedObjectAccess;
|
private static JavaxCryptoSealedObjectAccess javaxCryptoSealedObjectAccess;
|
||||||
+ private static JavaSecuritySystemConfiguratorAccess javaSecuritySystemConfiguratorAccess;
|
+ private static JavaSecuritySystemConfiguratorAccess javaSecuritySystemConfiguratorAccess;
|
||||||
|
|
||||||
public static JavaUtilJarAccess javaUtilJarAccess() {
|
public static void setJavaUtilCollectionAccess(JavaUtilCollectionAccess juca) {
|
||||||
if (javaUtilJarAccess == null) {
|
javaUtilCollectionAccess = juca;
|
||||||
@@ -361,4 +362,12 @@
|
@@ -361,4 +362,12 @@
|
||||||
}
|
MethodHandles.lookup().ensureInitialized(c);
|
||||||
return javaxCryptoSealedObjectAccess;
|
} catch (IllegalAccessException e) {}
|
||||||
}
|
}
|
||||||
+
|
+
|
||||||
+ public static void setJavaSecuritySystemConfiguratorAccess(JavaSecuritySystemConfiguratorAccess jssca) {
|
+ public static void setJavaSecuritySystemConfiguratorAccess(JavaSecuritySystemConfiguratorAccess jssca) {
|
||||||
@ -188,33 +196,26 @@ diff -r bbc65dfa59d1 src/java.base/share/classes/sun/security/ssl/SSLContextImpl
|
|||||||
--- openjdk/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java Thu Jan 23 18:22:31 2020 -0300
|
--- openjdk/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java Thu Jan 23 18:22:31 2020 -0300
|
||||||
+++ openjdk/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java Sat Aug 01 23:16:51 2020 -0300
|
+++ openjdk/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java Sat Aug 01 23:16:51 2020 -0300
|
||||||
@@ -31,6 +31,7 @@
|
@@ -31,6 +31,7 @@
|
||||||
import java.security.cert.*;
|
|
||||||
import java.util.*;
|
import java.util.*;
|
||||||
|
import java.util.concurrent.locks.ReentrantLock;
|
||||||
import javax.net.ssl.*;
|
import javax.net.ssl.*;
|
||||||
+import jdk.internal.misc.SharedSecrets;
|
+import jdk.internal.access.SharedSecrets;
|
||||||
import sun.security.action.GetPropertyAction;
|
import sun.security.action.GetPropertyAction;
|
||||||
import sun.security.provider.certpath.AlgorithmChecker;
|
import sun.security.provider.certpath.AlgorithmChecker;
|
||||||
import sun.security.validator.Validator;
|
import sun.security.validator.Validator;
|
||||||
@@ -542,20 +543,38 @@
|
@@ -536,22 +536,42 @@
|
||||||
|
private static final List<CipherSuite> serverDefaultCipherSuites;
|
||||||
|
|
||||||
static {
|
static {
|
||||||
if (SunJSSE.isFIPS()) {
|
|
||||||
- supportedProtocols = Arrays.asList(
|
- supportedProtocols = Arrays.asList(
|
||||||
- ProtocolVersion.TLS13,
|
- ProtocolVersion.TLS13,
|
||||||
- ProtocolVersion.TLS12,
|
- ProtocolVersion.TLS12,
|
||||||
- ProtocolVersion.TLS11,
|
- ProtocolVersion.TLS11,
|
||||||
- ProtocolVersion.TLS10
|
- ProtocolVersion.TLS10,
|
||||||
|
- ProtocolVersion.SSL30,
|
||||||
|
- ProtocolVersion.SSL20Hello
|
||||||
- );
|
- );
|
||||||
+ if (SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
|
-
|
||||||
+ .isSystemFipsEnabled()) {
|
|
||||||
+ // RH1860986: TLSv1.3 key derivation not supported with
|
|
||||||
+ // the Security Providers available in system FIPS mode.
|
|
||||||
+ supportedProtocols = Arrays.asList(
|
|
||||||
+ ProtocolVersion.TLS12,
|
|
||||||
+ ProtocolVersion.TLS11,
|
|
||||||
+ ProtocolVersion.TLS10
|
|
||||||
+ );
|
|
||||||
|
|
||||||
- serverDefaultProtocols = getAvailableProtocols(
|
- serverDefaultProtocols = getAvailableProtocols(
|
||||||
- new ProtocolVersion[] {
|
- new ProtocolVersion[] {
|
||||||
- ProtocolVersion.TLS13,
|
- ProtocolVersion.TLS13,
|
||||||
@ -222,6 +223,18 @@ diff -r bbc65dfa59d1 src/java.base/share/classes/sun/security/ssl/SSLContextImpl
|
|||||||
- ProtocolVersion.TLS11,
|
- ProtocolVersion.TLS11,
|
||||||
- ProtocolVersion.TLS10
|
- ProtocolVersion.TLS10
|
||||||
- });
|
- });
|
||||||
|
+ if (SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
|
||||||
|
+ .isSystemFipsEnabled()) {
|
||||||
|
+ // RH1860986: TLSv1.3 key derivation not supported with
|
||||||
|
+ // the Security Providers available in system FIPS mode.
|
||||||
|
+ supportedProtocols = Arrays.asList(
|
||||||
|
+ ProtocolVersion.TLS12,
|
||||||
|
+ ProtocolVersion.TLS11,
|
||||||
|
+ ProtocolVersion.TLS10,
|
||||||
|
+ ProtocolVersion.SSL30,
|
||||||
|
+ ProtocolVersion.SSL20Hello
|
||||||
|
+ );
|
||||||
|
+
|
||||||
+ serverDefaultProtocols = getAvailableProtocols(
|
+ serverDefaultProtocols = getAvailableProtocols(
|
||||||
+ new ProtocolVersion[] {
|
+ new ProtocolVersion[] {
|
||||||
+ ProtocolVersion.TLS12,
|
+ ProtocolVersion.TLS12,
|
||||||
@ -233,7 +246,9 @@ diff -r bbc65dfa59d1 src/java.base/share/classes/sun/security/ssl/SSLContextImpl
|
|||||||
+ ProtocolVersion.TLS13,
|
+ ProtocolVersion.TLS13,
|
||||||
+ ProtocolVersion.TLS12,
|
+ ProtocolVersion.TLS12,
|
||||||
+ ProtocolVersion.TLS11,
|
+ ProtocolVersion.TLS11,
|
||||||
+ ProtocolVersion.TLS10
|
+ ProtocolVersion.TLS10,
|
||||||
|
+ ProtocolVersion.SSL30,
|
||||||
|
+ ProtocolVersion.SSL20Hello
|
||||||
+ );
|
+ );
|
||||||
+
|
+
|
||||||
+ serverDefaultProtocols = getAvailableProtocols(
|
+ serverDefaultProtocols = getAvailableProtocols(
|
||||||
@ -243,44 +258,72 @@ diff -r bbc65dfa59d1 src/java.base/share/classes/sun/security/ssl/SSLContextImpl
|
|||||||
+ ProtocolVersion.TLS11,
|
+ ProtocolVersion.TLS11,
|
||||||
+ ProtocolVersion.TLS10
|
+ ProtocolVersion.TLS10
|
||||||
+ });
|
+ });
|
||||||
|
+ }
|
||||||
|
|
||||||
|
supportedCipherSuites = getApplicableSupportedCipherSuites(
|
||||||
|
supportedProtocols);
|
||||||
|
@@ -699,13 +719,26 @@
|
||||||
|
private static final List<CipherSuite> clientDefaultCipherSuites;
|
||||||
|
|
||||||
|
static {
|
||||||
|
- clientDefaultProtocols = getAvailableProtocols(
|
||||||
|
- new ProtocolVersion[] {
|
||||||
|
- ProtocolVersion.TLS13,
|
||||||
|
- ProtocolVersion.TLS12,
|
||||||
|
- ProtocolVersion.TLS11,
|
||||||
|
- ProtocolVersion.TLS10
|
||||||
|
- });
|
||||||
|
+ if (SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
|
||||||
|
+ .isSystemFipsEnabled()) {
|
||||||
|
+ // RH1860986: TLSv1.3 key derivation not supported with
|
||||||
|
+ // the Security Providers available in system FIPS mode.
|
||||||
|
+ clientDefaultProtocols = getAvailableProtocols(
|
||||||
|
+ new ProtocolVersion[] {
|
||||||
|
+ ProtocolVersion.TLS12,
|
||||||
|
+ ProtocolVersion.TLS11,
|
||||||
|
+ ProtocolVersion.TLS10
|
||||||
|
+ });
|
||||||
|
+ } else {
|
||||||
|
+ clientDefaultProtocols = getAvailableProtocols(
|
||||||
|
+ new ProtocolVersion[] {
|
||||||
|
+ ProtocolVersion.TLS13,
|
||||||
|
+ ProtocolVersion.TLS12,
|
||||||
|
+ ProtocolVersion.TLS11,
|
||||||
|
+ ProtocolVersion.TLS10
|
||||||
|
+ });
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
|
||||||
|
clientDefaultCipherSuites = getApplicableEnabledCipherSuites(
|
||||||
|
clientDefaultProtocols, true);
|
||||||
|
@@ -842,12 +875,21 @@
|
||||||
|
ProtocolVersion[] candidates;
|
||||||
|
if (refactored.isEmpty()) {
|
||||||
|
// Client and server use the same default protocols.
|
||||||
|
- candidates = new ProtocolVersion[] {
|
||||||
|
- ProtocolVersion.TLS13,
|
||||||
|
- ProtocolVersion.TLS12,
|
||||||
|
- ProtocolVersion.TLS11,
|
||||||
|
- ProtocolVersion.TLS10
|
||||||
|
- };
|
||||||
|
+ if (SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
|
||||||
|
+ .isSystemFipsEnabled()) {
|
||||||
|
+ candidates = new ProtocolVersion[] {
|
||||||
|
+ ProtocolVersion.TLS12,
|
||||||
|
+ ProtocolVersion.TLS11,
|
||||||
|
+ ProtocolVersion.TLS10
|
||||||
|
+ };
|
||||||
|
+ } else {
|
||||||
|
+ candidates = new ProtocolVersion[] {
|
||||||
|
+ ProtocolVersion.TLS13,
|
||||||
|
+ ProtocolVersion.TLS12,
|
||||||
|
+ ProtocolVersion.TLS11,
|
||||||
|
+ ProtocolVersion.TLS10
|
||||||
|
+ };
|
||||||
+ }
|
+ }
|
||||||
} else {
|
} else {
|
||||||
supportedProtocols = Arrays.asList(
|
// Use the customized TLS protocols.
|
||||||
ProtocolVersion.TLS13,
|
candidates =
|
||||||
@@ -620,6 +639,16 @@
|
|
||||||
|
|
||||||
static ProtocolVersion[] getSupportedProtocols() {
|
|
||||||
if (SunJSSE.isFIPS()) {
|
|
||||||
+ if (SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
|
|
||||||
+ .isSystemFipsEnabled()) {
|
|
||||||
+ // RH1860986: TLSv1.3 key derivation not supported with
|
|
||||||
+ // the Security Providers available in system FIPS mode.
|
|
||||||
+ return new ProtocolVersion[] {
|
|
||||||
+ ProtocolVersion.TLS12,
|
|
||||||
+ ProtocolVersion.TLS11,
|
|
||||||
+ ProtocolVersion.TLS10
|
|
||||||
+ };
|
|
||||||
+ }
|
|
||||||
return new ProtocolVersion[] {
|
|
||||||
ProtocolVersion.TLS13,
|
|
||||||
ProtocolVersion.TLS12,
|
|
||||||
@@ -949,6 +978,16 @@
|
|
||||||
|
|
||||||
static ProtocolVersion[] getProtocols() {
|
|
||||||
if (SunJSSE.isFIPS()) {
|
|
||||||
+ if (SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
|
|
||||||
+ .isSystemFipsEnabled()) {
|
|
||||||
+ // RH1860986: TLSv1.3 key derivation not supported with
|
|
||||||
+ // the Security Providers available in system FIPS mode.
|
|
||||||
+ return new ProtocolVersion[] {
|
|
||||||
+ ProtocolVersion.TLS12,
|
|
||||||
+ ProtocolVersion.TLS11,
|
|
||||||
+ ProtocolVersion.TLS10
|
|
||||||
+ };
|
|
||||||
+ }
|
|
||||||
return new ProtocolVersion[]{
|
|
||||||
ProtocolVersion.TLS13,
|
|
||||||
ProtocolVersion.TLS12,
|
|
||||||
diff -r bbc65dfa59d1 src/java.base/share/classes/sun/security/ssl/SunJSSE.java
|
diff -r bbc65dfa59d1 src/java.base/share/classes/sun/security/ssl/SunJSSE.java
|
||||||
--- openjdk/src/java.base/share/classes/sun/security/ssl/SunJSSE.java Thu Jan 23 18:22:31 2020 -0300
|
--- openjdk/src/java.base/share/classes/sun/security/ssl/SunJSSE.java Thu Jan 23 18:22:31 2020 -0300
|
||||||
+++ openjdk/src/java.base/share/classes/sun/security/ssl/SunJSSE.java Sat Aug 01 23:16:51 2020 -0300
|
+++ openjdk/src/java.base/share/classes/sun/security/ssl/SunJSSE.java Sat Aug 01 23:16:51 2020 -0300
|
||||||
@ -289,10 +332,10 @@ diff -r bbc65dfa59d1 src/java.base/share/classes/sun/security/ssl/SunJSSE.java
|
|||||||
import java.security.*;
|
import java.security.*;
|
||||||
import java.util.*;
|
import java.util.*;
|
||||||
+
|
+
|
||||||
+import jdk.internal.misc.SharedSecrets;
|
+import jdk.internal.access.SharedSecrets;
|
||||||
import sun.security.rsa.SunRsaSignEntries;
|
|
||||||
import static sun.security.util.SecurityConstants.PROVIDER_VER;
|
import static sun.security.util.SecurityConstants.PROVIDER_VER;
|
||||||
import static sun.security.provider.SunEntries.createAliases;
|
|
||||||
|
/**
|
||||||
@@ -195,8 +197,13 @@
|
@@ -195,8 +197,13 @@
|
||||||
"sun.security.ssl.SSLContextImpl$TLS11Context", null, null);
|
"sun.security.ssl.SSLContextImpl$TLS11Context", null, null);
|
||||||
ps("SSLContext", "TLSv1.2",
|
ps("SSLContext", "TLSv1.2",
|
||||||
@ -308,4 +351,4 @@ diff -r bbc65dfa59d1 src/java.base/share/classes/sun/security/ssl/SunJSSE.java
|
|||||||
+ }
|
+ }
|
||||||
ps("SSLContext", "TLS",
|
ps("SSLContext", "TLS",
|
||||||
"sun.security.ssl.SSLContextImpl$TLSContext",
|
"sun.security.ssl.SSLContextImpl$TLSContext",
|
||||||
(isfips? null : createAliases("SSL")), null);
|
List.of("SSL"), null);
|
||||||
|
@ -6,7 +6,7 @@ diff --git openjdk.orig/src/java.base/share/classes/java/security/Security.java
|
|||||||
import jdk.internal.event.EventHelper;
|
import jdk.internal.event.EventHelper;
|
||||||
import jdk.internal.event.SecurityPropertyModificationEvent;
|
import jdk.internal.event.SecurityPropertyModificationEvent;
|
||||||
+import jdk.internal.misc.JavaSecuritySystemConfiguratorAccess;
|
+import jdk.internal.misc.JavaSecuritySystemConfiguratorAccess;
|
||||||
import jdk.internal.misc.SharedSecrets;
|
import jdk.internal.access.SharedSecrets;
|
||||||
import jdk.internal.util.StaticProperty;
|
import jdk.internal.util.StaticProperty;
|
||||||
import sun.security.util.Debug;
|
import sun.security.util.Debug;
|
||||||
@@ -74,6 +75,15 @@
|
@@ -74,6 +75,15 @@
|
||||||
|
Loading…
Reference in New Issue
Block a user