BugZero | Red Hat BugID RHEL-3426 - Support TLS 1.3 in FIPS mode [rhel-8, openjdk-11]

Red Hat - Defect ID: RHEL-3426

Support TLS 1.3 in FIPS mode [rhel-8, openjdk-11]

Red Hat - Defect ID: RHEL-3426

Support TLS 1.3 in FIPS mode [rhel-8, openjdk-11]

Last updated on 3/14/2025

Overall: 7.67.6

Severity: 8.28.2

Community: 5.55.5

Lifecycle: 6.46.4

What is the BugZero Risk Score?

Vendor details

Priority: Undefined
Status: Closed
Impact Category: java-11-openjdk

Overall: 7.67.6

Severity: 8.28.2

Community: 5.55.5

Lifecycle: 6.46.4

What is the BugZero Risk Score?

Vendor details

Priority: Undefined
Status: Closed
Impact Category: java-11-openjdk

Issue

This bug was initially created as a copy of Bug #2020290 I am copying this bug because: Support needed in java-11-openjdk too. When OpenJDK runs on a FIPS-configured system, TLS 1.3 (implemented in the SunJSSE security provider) is disabled both on the server and client sides (RH1860986). The reason is that the PKCS#11 key derivation mechanism for TLS 1.3 is not supported in the SunPKCS11 security provider; and the SunJSSE code for key derivation would require to import plain secret keys into an NSS Software Token (blocked by RH1991003). The goal of this task is to implement a solution to re-enable TLS 1.3 on both server and client sides when OpenJDK runs in FIPS mode.

Release Notes

No. of Comments

Resolution

Won't Do

No bugs this month

Ready to prevent the next vendor outage?

Get a demo

OPERATIONAL DEFECT DATABASE

Red Hat - Defect ID: RHEL-3426

Support TLS 1.3 in FIPS mode [rhel-8, openjdk-11]

Red Hat - Defect ID: RHEL-3426

Support TLS 1.3 in FIPS mode [rhel-8, openjdk-11]

Last updated on 3/14/2025

Vendor details

Vendor details

Description

Issue

Release Notes

No. of Comments

Resolution

Links

Top Red Hat defects by risk score

Ready to prevent the next vendor outage?