ffang commented on PR #1893: URL: https://github.com/apache/cxf/pull/1893#issuecomment-2132386103
what I have done in this PR 1. introduce a system property "fips.enabled", when it's true, switch the security algorithms which are not allowed in fips to fips compliant ones. Mainly they are from AES_CBC to AES_GCM; from RSA_OAEP to RSA1_5. This needs the Apache WSS4J side change also. Please see https://issues.apache.org/jira/browse/WSS-711 The default value of "fips.enabled" is false. So the default behaviour is the same as before. 2. A maven profile "fips" is introduced. So just run "mvn clean install -Pfips" on a fips enabled machine/jdk should be sufficient. 3. Several fips compliant ws-securitypolicy names are introduced to help easily run in fips mode 4. A lot security related tests are revised to pick up the fips compliant configurations/keys/certs when running tests with fips profile. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@cxf.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
