Gašper Čefarin created ARTEMIS-5768:
---------------------------------------
Summary: Replace Blowfish algorithm for encoding passwords
Key: ARTEMIS-5768
URL: https://issues.apache.org/jira/browse/ARTEMIS-5768
Project: ActiveMQ Artemis
Issue Type: Task
Components: Broker
Affects Versions: 2.44.0
Reporter: Gašper Čefarin
This comes from RedHat documentation, where they state it's not possible to use
the default encoding algorithm in "FIPS mode" from Activemq Artemis when using
their "AMQ broker":
AMQ Broker 7.13 is FIPS-tolerant, which means it automatically runs on a
FIPS-enabled OpenShift cluster or RHEL system. One caveat is that the broker
cannot use the default codec,
org.apache.activemq.artemis.utils.DefaultSensitiveStringCodec, to encode
passwords. The default codec uses the Blowfish algorithm, which is not
FIPS-tolerant. The Blowfish algorithm is deprecated in 7.13. For more
information, see [Disabling FIPS
mode|https://access.redhat.com/documentation/en-us/red_hat_amq_broker/7.13/html-single/deploying_amq_broker_on_openshift/index#proc-br-disable-fips-mode_ocp]
in _Deploying AMQ Broker on OpenShift_ and [Disabling FIPS
mode|https://access.redhat.com/documentation/en-us/red_hat_amq_broker/7.13/html-single/configuring_amq_broker/index#proc_br-disabling-fips_configuring]
in _Configuring AMQ Broker_.
link:
https://docs.redhat.com/en/documentation/red_hat_amq_broker/7.13/html/release_notes_for_red_hat_amq_broker_7.13/enhancements
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
For further information, visit: https://activemq.apache.org/contact
