-
Notifications
You must be signed in to change notification settings - Fork 724
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
java.base/java.util.UUID.nameUUIDFromBytes() requires MD5 which is not available in FIPS mode #20084
Comments
Hi @KostasTsiounis , |
I ran into the same issue with a Semeru 17.0.12.0 docker image (on top of UBI 9). openssl failed (or rejected) to provide an implementation for MD5 in a FIPS enabled OCP cluster. |
You could try |
@KostasTsiounis @kgibm @JamesKingdon |
The Unfortunately, this fix will probably not be in for the release that's coming up in the next few weeks, but rather the one after that, which means sometime in January. |
To help resolve this issue, a few changes have been implemented. First of all, more granular JVM options have been added for the different digests. More specifically, there is a Moreover, additional functionality was added to check if the underlying Those changes should be available in the upcoming Semeru release. I think this issue can be closed after those changes. @jasonkatonica What do you think? |
Pls link the list of changes, I don't see them mentioned in this issue. |
Sure. Here are the PRs for those changes:
|
Given the changes outlined by @KostasTsiounis above this issue can be closed. MD5 from the Sun providers should no longer drive into openssl when openssl is in fips mode. |
Issue Number: 20084 |
The
UUID.nameUUIDFromBytes()
method requires the use ofMD5
. ButMD5
is not FIPS-compliant. So, if theRestrictedSecurity
profile used doesn't includeMD5
or ifRestrictedSecurity
isn't used, but the underlyingOpenSSL
is in FIPS mode, an error occurs and the method cannot be used.The text was updated successfully, but these errors were encountered: