Possible problem with v2.6.1 with RHEL8 in FIPS mode and using Java 17 #736
Comments
I have some more information, in case it helps, and I pushed on a bit further. It turns out that it requires the pin to either be set in java.security, or as a system property on the command line. So, adding
when I run
We run SoftHSM on Java 17 but not for Gradle.
My team and I work on an enclave where we have future requirements of being FIPS compliant, and using something like SoftHSM for all of our X509 certificate accesses would help a lot.
I don't think that SoftHSM has been FIPS certified, contrary to OpenSSL, which has a FIPS module. Anyway, I will try reproducing your issue.
I have followed all of the instructions, and I have looked through a lot of results on Google, but there is an error that I am getting that seems like it should not be happening. Here are the details:
I am trying to run gradle (even `gradle init`) on an EC2 instance where I have enabled FIPS mode, and configured SoftHSM 2 as my PKCS#11 provider. This is RHEL 8.9 and SoftHSM is 2.6.1 (from EPEL).
Whenever I run gradle, I always get (abbreviated stack trace):
My `~/.config/softhsm2/softhsm2.conf` looks like this:
My Java 17 security file has these for the FIPS providers:
The PKCS11 config file (referenced in the fips provider directly above) looks like this:
In my `~/.gradle/gradle.properties`, I have tried using system properties:
I have tried including these args in the `JAVA_OPTS`, `GRADLE_OPTS`, and `DEFAULT_JVM_ARGS` environment variables, and I have also even commented out the jvmargs in gradle.properties. In all cases, I keep getting this same error. You may have noticed `showInfo = true` above, and it always shows that it is accessing PKCS11:
Does this seem like a bug? I have checked, double checked, triple-checked, and probably many more iterations of that, though I cannot find the problem. Can I provide any further information if this is worth looking into as a bug?