[
https://issues.apache.org/jira/browse/NIFI-14048?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17908343#comment-17908343
]
Joe Witt commented on NIFI-14048:
---------------------------------
Good plan + less knobs.
> Ed25519 and RHEL 9 in FIPS Mode
> -------------------------------
>
> Key: NIFI-14048
> URL: https://issues.apache.org/jira/browse/NIFI-14048
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework, Security
> Affects Versions: 2.0.0
> Environment: On a Red Hat 9.5 FIPS mode installation, NiFi 2.0 will
> not start since Ed25519 (and Ed448) signatures are disabled in the
> system-wide FIPS crypto policy. We are unable to deviate from this crypto
> policy.
> Reporter: Angela E
> Priority: Critical
>
> On a Red Hat 9.5 FIPS mode installation, NiFi 2.0 will not start since
> Ed25519 (and Ed448) signatures are disabled in the system-wide FIPS crypto
> policy. We are unable to deviate from this crypto policy.
>
> JSON Web Token change in NiFi 2.0.0-M4 as referenced in:
>
> https://issues.apache.org/jira/browse/NIFI-13424
>
> When attempting to start, NiFi issues this exception:
>
> Factory method 'keyGenerationCommand' threw exception with message:
> java.security.NoSuchAlgorithmException: Ed25519 KeyPairGenerator not available
>
> Recommending an optional setting in nifi.properties to allow the JWT to
> revert to previous PS512 signatures.
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
