From 5df47e0f4c8245ae9d2b5eb45e380ec458eeabd3 Mon Sep 17 00:00:00 2001
From: Jason Feng
Date: Thu, 8 Aug 2024 08:41:36 -0400
Subject: [PATCH 1/2] JDK17 adds OpenJ9 properties vm.flagless Set it to true.
Signed-off-by: Jason Feng
---
 closed/test/jtreg-ext/requires/OpenJ9PropsExt.java | 1 +
 1 file changed, 1 insertion(+)
diff --git a/closed/test/jtreg-ext/requires/OpenJ9PropsExt.java b/closed/test/jtreg-ext/requires/OpenJ9PropsExt.java
index fbdce123de0..410bfc87556 100644
--- a/closed/test/jtreg-ext/requires/OpenJ9PropsExt.java
+++ b/closed/test/jtreg-ext/requires/OpenJ9PropsExt.java
@@ -40,6 +40,7 @@ public Map call() {
 map.put("vm.bits", vmBits());
 map.put("vm.compiler2.enabled", "false");
 map.put("vm.debug", "false");
+ map.put("vm.flagless", "true");
 map.put("vm.gc.G1", "false");
 map.put("vm.gc.Parallel", "false");
 map.put("vm.gc.Serial", "false");
From c7d5997038d68f426bd8c1141e4d6d9ebac13c82 Mon Sep 17 00:00:00 2001
From: JinhangZhang
Date: Thu, 18 Jul 2024 15:02:03 -0400
Subject: [PATCH 2/2] Disable more DHE related ciphersuites DHE related cipher suites need Diffie-Hellman crypto services. However, those crypto services are not allowed in strict profile in FIPS140-3.
Signed-off-by: Jinhang Zhang
---
 src/java.base/share/conf/security/java.security | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/java.base/share/conf/security/java.security b/src/java.base/share/conf/security/java.security
index 413e9b407b6..e480b9ddfe9 100644
--- a/src/java.base/share/conf/security/java.security
+++ b/src/java.base/share/conf/security/java.security
@@ -182,7 +182,7 @@ RestrictedSecurity.NSS.140-2.securerandom.algorithm = PKCS11
 RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3.desc.name = OpenJCEPlusFIPS Cryptographic Module FIPS 140-3
 RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3.desc.default = false
 RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3.desc.fips = true
-RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3.desc.hash = SHA256:e71c49d65fd291efe75993ccbe6999e6cfb26bf9ef3e8424cb086c7e2a225ce6
+RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3.desc.hash = SHA256:dd19c8f8f2578cf400c11b5c7d003684cba5fc4999ac5c55d2a73099f70f9582
 RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3.desc.number = Certificate #XXX
 RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3.desc.policy = https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/
 RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3.desc.sunsetDate = 2026-09-21
@@ -207,7 +207,11 @@ RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3.tls.disabledAlgorithms = \
 TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, \
 TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, \
 TLS_DHE_RSA_WITH_AES_128_CBC_SHA, \
+ TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, \
+ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, \
 TLS_DHE_RSA_WITH_AES_256_CBC_SHA, \
+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, \
+ TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, \
 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, \
 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, \
 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, \
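Review bot: The four `TLS_DHE_RSA_*` entries added in the second hunk extend a deny-list that names suites one by one, so any finite-field DH suite missing from the list stays enabled in this profile and would presumably only fail once the handshake asks for a Diffie-Hellman service. The list begins and ends outside the hunk, so it cannot be confirmed from here whether `TLS_DH_anon_*` suites and the ffdhe named groups used by TLS 1.3 are restricted elsewhere in the profile; that is worth checking before merge. I would add a comment above the property stating the rule, e.g. `# Every DH/DHE suite is listed: Diffie-Hellman services are not available in the FIPS 140-3 strict profile`, plus a test that fails if any suite enabled under this profile contains `_DHE_`. The `desc.hash` change in the first hunk presumably reflects this list edit, so the two hunks need to land together.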