Bug 2014193

Summary: Enable the import of plain keys into the NSS Software Token while in FIPS mode [rhel-8, openjdk-8] [rhel-8.4.0.z]
Product: Red Hat Enterprise Linux 8 Reporter: RHEL Program Management Team <pgm-rhel-tools>
Component: java-1.8.0-openjdkAssignee: Andrew John Hughes <ahughes>
Status: CLOSED ERRATA QA Contact: OpenJDK QA <java-qa>
Severity: urgent Docs Contact:
Priority: urgent    
Version: 8.4CC: ahughes, dwojewod, jandrlik, jvanek, leiyu, mbalao, mmillson, orivat, rrelyea, ssorce
Target Milestone: rcKeywords: Triaged, ZStream
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: java-1.8.0-openjdk-1.8.0.312.b05-0.4.ea.el8_4 Doc Type: Bug Fix
Doc Text:
While in FIPS mode, the NSS Software Token does not allow the import of private or secret plain keys. This caused the OpenJDK keytool application to fail when used with OpenJDK in FIPS mode. With this update, OpenJDK will now import such keys into the NSS database. This behaviour may be disabled using -Dcom.redhat.fips.plainKeySupport=false.
 Story Points: ---
Clone Of: 1994659 Environment:
Last Closed: 2021-10-20 13:40:15 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1994659, 2014201, 2014204    
Bug Blocks:    

Comment 8 errata-xmlrpc 2021-10-20 13:40:15 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: java-1.8.0-openjdk security and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:3893