From 1294937e9ab449138a4cc5ace230a0b29bc8b1b4 Mon Sep 17 00:00:00 2001
From: Jinhang-Zhang
Date: Tue, 23 Aug 2022 01:15:22 -0400
Subject: [PATCH] Enable trustStore properties for FIPS

Signed-off-by: Jinhang Zhang
---
 .../classes/openj9/internal/security/FIPSConfigurator.java | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/closed/src/java.base/share/classes/openj9/internal/security/FIPSConfigurator.java b/closed/src/java.base/share/classes/openj9/internal/security/FIPSConfigurator.java
index 395d8138c96..bf34b233789 100644
--- a/closed/src/java.base/share/classes/openj9/internal/security/FIPSConfigurator.java
+++ b/closed/src/java.base/share/classes/openj9/internal/security/FIPSConfigurator.java
@@ -116,6 +116,11 @@ public static boolean configureFIPS(Properties props) {
 props.put("keystore.type", "PKCS11");
 System.setProperty("javax.net.ssl.keyStore", "NONE");
+ // Add trust store information.
+ System.setProperty("truststore.type", "PKCS11");
+ System.setProperty("javax.net.ssl.trustStore", "NONE");
+ System.setProperty("javax.net.ssl.trustStoreProvider", "SunPKCS11-NSS-FIPS");
+ // Add FIPS disabled algorithms.
 String disabledAlgorithms = props.get("jdk.tls.disabledAlgorithms") + ", X25519, X448"
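Review bot: The first added call sets a system property named `truststore.type`, which JSSE does not appear to read; the default trust store type comes from `javax.net.ssl.trustStoreType`, so this line is probably a no-op and should read `System.setProperty("javax.net.ssl.trustStoreType", "PKCS11");` unless code outside this hunk consumes the other name. It also mirrors `keystore.type` just above, but that key is put into `props` rather than into system properties, so the two are not equivalent. The three calls silently overwrite any `javax.net.ssl.trustStore*` values given on the command line; if that is intended in FIPS mode, the comment should say so, e.g. `// FIPS mode: force the NSS PKCS#11 token as trust store, overriding user-supplied javax.net.ssl.trustStore* values`. The provider name `SunPKCS11-NSS-FIPS` is hard-coded here and has to match the provider registered elsewhere in configureFIPS, whose body starts and ends outside the hunk.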