[wildfly-dev] Supporting FIPS in domain mode

Brian Stansberry brian.stansberry at redhat.com
Thu Nov 19 10:50:41 EST 2015


Darran's the expert on this, but my initial naive question is whether 
this can be split into two logical use cases:

1) Where we know TLS is not going to be used on the HC<->server connection.

2) Where we don't know that.

I ask because if case 2 is harder or requires changes that don't belong 
in a micro release (e.g. management model changes) perhaps we can first 
deal with case 1. My impression from the initial bug report is that 
SSL/TLS was not configured on the host's management interfaces.

On 11/19/15 4:25 AM, Ryan Emerson wrote:
> Hello All,
>
> Currently domain mode is unable to execute when the JVM has FIPS enabled. See [1] for example config files and the resulting stacktrace.
>
> I am looking into this issue (SET engineer), however my current knowledge of core and FIPS is limited.  What are your thoughts on how to implement FIPS compatibility? Is there any fundamental reasons why such a feature shouldn't be supported?
>
> [1] https://issues.jboss.org/browse/WFCORE-1135
>
> Thanks
> Ryan
> _______________________________________________
> wildfly-dev mailing list
> wildfly-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/wildfly-dev
>


-- 
Brian Stansberry
Senior Principal Software Engineer
JBoss by Red Hat


More information about the wildfly-dev mailing list