https://bz.apache.org/bugzilla/show_bug.cgi?id=64614
--- Comment #9 from Remy Maucherat <r...@apache.org> --- (In reply to Christopher Schultz from comment #8) > Seems like an awful hack. > > Perhaps instead we should have a configuration attribute like > dontWrapKeyManager="true|false" and them simply do not wrap in the first > place. Or is the wrapping required for other things? If there's really a need to avoid wrapping when FIPS is used, then it should be done here: https://github.com/apache/tomcat/blob/master/java/org/apache/tomcat/util/net/SSLUtilBase.java#L369 (using a new abstract method to detect FIPS JSSE) But there's probably no need for new explicit configuration, if it won't work. And log something if wrapping was desired but cannot be done due to FIPS. So context.getProvider().getInfo().indexOf("FIPS") != -1 is a 100% correct way to test for FIPS ? -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
