diff --git a/build-tools-internal/src/main/resources/fips_java.policy b/build-tools-internal/src/main/resources/fips_java.policy
index 26a52e8f93a5b..c7d299f05b838 100644
--- a/build-tools-internal/src/main/resources/fips_java.policy
+++ b/build-tools-internal/src/main/resources/fips_java.policy
@@ -4,11 +4,6 @@ grant {
 permission java.security.SecurityPermission "getProperty.keystore.type.compat";
 permission java.security.SecurityPermission "getProperty.jdk.tls.disabledAlgorithms";
 permission java.security.SecurityPermission "getProperty.jdk.certpath.disabledAlgorithms";
- permission java.security.SecurityPermission "getProperty.jdk.tls.server.defaultDHEParameters";
- permission java.security.SecurityPermission "getProperty.org.bouncycastle.ec.disable_f2m";
- permission java.security.SecurityPermission "getProperty.org.bouncycastle.ec.disable";
- permission java.security.SecurityPermission "getProperty.org.bouncycastle.tripledes.allow_weak";
- permission java.security.SecurityPermission "getProperty.org.bouncycastle.drbg.gather_pause_secs";
 permission java.lang.RuntimePermission "getProtectionDomain";
 permission java.util.PropertyPermission "java.runtime.name", "read";
 permission org.bouncycastle.crypto.CryptoServicesPermission "tlsAlgorithmsEnabled";
diff --git a/libs/ssl-config/src/main/java/org/elasticsearch/common/ssl/SslConfiguration.java b/libs/ssl-config/src/main/java/org/elasticsearch/common/ssl/SslConfiguration.java
index 0f8413dcbd704..ba37627712e8f 100644
--- a/libs/ssl-config/src/main/java/org/elasticsearch/common/ssl/SslConfiguration.java
+++ b/libs/ssl-config/src/main/java/org/elasticsearch/common/ssl/SslConfiguration.java
@@ -53,12 +53,7 @@ public record SslConfiguration(
 static {
 LinkedHashMap protocolAlgorithmMap = new LinkedHashMap<>();
- try {
- SSLContext.getInstance("TLSv1.3");
- protocolAlgorithmMap.put("TLSv1.3", "TLSv1.3");
- } catch (NoSuchAlgorithmException e) {
- // ignore since we support JVMs using BCJSSE in FIPS mode which doesn't support TLSv1.3 //TODO: -> can i remove this ?
- }
+ protocolAlgorithmMap.put("TLSv1.3", "TLSv1.3");
 protocolAlgorithmMap.put("TLSv1.2", "TLSv1.2");
 protocolAlgorithmMap.put("TLSv1.1", "TLSv1.1");
 protocolAlgorithmMap.put("TLSv1", "TLSv1");
diff --git a/test/test-clusters/src/main/resources/fips/fips_java.policy b/test/test-clusters/src/main/resources/fips/fips_java.policy
index 26a52e8f93a5b..c7d299f05b838 100644
--- a/test/test-clusters/src/main/resources/fips/fips_java.policy
+++ b/test/test-clusters/src/main/resources/fips/fips_java.policy
@@ -4,11 +4,6 @@ grant {
 permission java.security.SecurityPermission "getProperty.keystore.type.compat";
 permission java.security.SecurityPermission "getProperty.jdk.tls.disabledAlgorithms";
 permission java.security.SecurityPermission "getProperty.jdk.certpath.disabledAlgorithms";
- permission java.security.SecurityPermission "getProperty.jdk.tls.server.defaultDHEParameters";
- permission java.security.SecurityPermission "getProperty.org.bouncycastle.ec.disable_f2m";
- permission java.security.SecurityPermission "getProperty.org.bouncycastle.ec.disable";
- permission java.security.SecurityPermission "getProperty.org.bouncycastle.tripledes.allow_weak";
- permission java.security.SecurityPermission "getProperty.org.bouncycastle.drbg.gather_pause_secs";
 permission java.lang.RuntimePermission "getProtectionDomain";
 permission java.util.PropertyPermission "java.runtime.name", "read";
 permission org.bouncycastle.crypto.CryptoServicesPermission "tlsAlgorithmsEnabled";
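Review bot: In SslConfiguration.java's static initializer, the unconditional `protocolAlgorithmMap.put("TLSv1.3", "TLSv1.3");` removes the only probe that the active JSSE provider can build a TLSv1.3 context, and nothing in the hunk records why that is now safe. The removed comment named BCJSSE in FIPS mode as the provider lacking TLSv1.3 and ended in an open TODO question, so the new line should carry the answer, for example `// TLSv1.3 is assumed available on every supported JSSE provider, including BCJSSE in FIPS mode`. If that assumption fails for some supported provider, the failure presumably moves from this silently skipped probe to wherever the map is later used to obtain an SSLContext, which is outside the hunk; a FIPS-mode test that negotiates TLSv1.3 would confirm it. It is also worth checking that the `NoSuchAlgorithmException` import is still used elsewhere in the file, since this diff shows no import change. The static initializer continues past the end of the hunk.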