Skip to content

Commit

Permalink
Merge pull request #196 from ibmruntimes/openj9
Browse files Browse the repository at this point in the history 
Merge Support For AES/GCM Cipher For FIPS Mode to 0.38
  • Loading branch information
@JasonFengJ9
JasonFengJ9 authored Mar 30, 2023
2 parents 267a5a7 + fc8b0b9 commit 2be39ca
Showing 1 changed file with 34 additions and 21 deletions.
55 changes: 34 additions & 21 deletions src/java.base/share/conf/security/java.security
View file
Original file line number Diff line number Diff line change
Expand Up @@ -87,29 +87,42 @@ security.provider.tbd=SunPKCS11
# Java Restricted Security Mode
#
RestrictedSecurity1.desc.name = Red Hat Enterprise Linux 8 NSS Cryptographic Module FIPS 140-2
RestrictedSecurity1.desc.number = Certificate #3946
RestrictedSecurity1.desc.policy = https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3946
RestrictedSecurity1.desc.sunsetDate = 2026-06-06
RestrictedSecurity1.desc.number = Certificate #4413
RestrictedSecurity1.desc.policy = https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4413
RestrictedSecurity1.desc.sunsetDate = 2026-09-21

RestrictedSecurity1.tls.disabledNamedCurves =
RestrictedSecurity1.tls.disabledAlgorithms = X25519, X448, SSLv3, TLSv1, TLSv1.1, \
TLS_CHACHA20_POLY1305_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, \
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, \
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, \
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, \
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, \
TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, \
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384, \
TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256, \
TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, \
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_AES_256_GCM_SHA384, \
TLS_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, \
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, \
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, \
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, \
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, \
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, \
TLS_EMPTY_RENEGOTIATION_INFO_SCSV
RestrictedSecurity1.tls.disabledAlgorithms = \
SSLv3, \
TLS_AES_128_GCM_SHA256, \
TLS_AES_256_GCM_SHA384, \
TLS_CHACHA20_POLY1305_SHA256, \
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, \
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, \
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, \
TLS_DHE_DSS_WITH_AES_256_CBC_SHA, \
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, \
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, \
TLS_DHE_RSA_WITH_AES_128_CBC_SHA, \
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, \
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, \
TLS_DHE_RSA_WITH_AES_256_CBC_SHA, \
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, \
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, \
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, \
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, \
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, \
TLS_EMPTY_RENEGOTIATION_INFO_SCSV, \
TLS_RSA_WITH_AES_128_CBC_SHA, \
TLS_RSA_WITH_AES_128_CBC_SHA256, \
TLS_RSA_WITH_AES_128_GCM_SHA256, \
TLS_RSA_WITH_AES_256_CBC_SHA, \
TLS_RSA_WITH_AES_256_CBC_SHA256, \
TLS_RSA_WITH_AES_256_GCM_SHA384, \
TLSv1, \
TLSv1.1, \
X25519, \
X448
RestrictedSecurity1.tls.ephemeralDHKeySize =
RestrictedSecurity1.tls.legacyAlgorithms =

Expand Down

0 comments on commit 2be39ca

Please sign in to comment.