Bug 2090378 - Revert to disabling system security properties and FIPS mode support together [rhel-8, openjdk-11]
Summary: Revert to disabling system security properties and FIPS mode support together...
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: java-11-openjdk
Version: 8.6
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: ---
Assignee: Andrew John Hughes
QA Contact: OpenJDK QA
: 2090322 (view as bug list)
Depends On:
Blocks: 2108248 2108249
TreeView+ depends on / blocked
Reported: 2022-05-25 16:01 UTC by Severin Gehwolf
Modified: 2022-11-08 09:50 UTC (History)
5 users (show)

Fixed In Version: java-11-openjdk-
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 2108248 2108249 (view as bug list)
Last Closed: 2022-11-08 09:21:51 UTC
Type: Bug
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Github rh-openjdk jdk11u pull 3 0 None Merged FIPS Backports for July 2022 Security Update 2022-10-19 15:37:05 UTC
Red Hat Issue Tracker RHELPLAN-123380 0 None None None 2022-05-25 16:04:29 UTC
Red Hat Product Errata RHBA-2022:6693 0 None None None 2022-11-08 09:22:48 UTC

Description Severin Gehwolf 2022-05-25 16:01:07 UTC
Description of problem:
Right now there is no way to disable OpenJDK FIPS for all java applications running on a FIPS enabled host. I.e. let everything else - non-Java - be in FIPS mode, but disable it for OpenJDK applications.

Version-Release number of selected component (if applicable):

Actual results:
FIPS mode needs to be disabled with '-Dcom.redhat.fips=false -Djava.security.disableSystemPropertiesFile=true' for *every* Java application.

Expected results:
Modify some configuration file that changes this for all Java applications on the current host.

Additional Info:
Prior to the improved FIPS support patch, which didn't use /proc, there was the possibility to set security.useSystemPropertiesFile=false in java.security config file which disabled FIPS globally on the system.

Comment 3 Mike Millson 2022-05-25 21:19:55 UTC
*** Bug 2090322 has been marked as a duplicate of this bug. ***

Comment 32 errata-xmlrpc 2022-11-08 09:21:51 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (java-11-openjdk bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.