Re: Fedora 33 System-Wide Change proposal: java-11-openjdk as system JDK in F33

Alex Scheel <ascheel@xxxxxxxxxx> · Mon, 30 Mar 2020 13:05:28 -0400 (EDT)

----- Original Message -----
> From: "Andrew Haley" <aph@xxxxxxxxxx>
> To: "Development discussions related to Fedora" <devel@xxxxxxxxxxxxxxxxxxxxxxx>, "Alex Scheel" <ascheel@xxxxxxxxxx>
> Cc: "Omair Majid" <omajid@xxxxxxxxxx>
> Sent: Monday, March 30, 2020 12:36:23 PM
> Subject: Re: Fedora 33 System-Wide Change proposal: java-11-openjdk as system JDK in F33
> 
> On 3/30/20 4:47 PM, Alex Scheel wrote:
> > For one example here, take the long-standing Debian ticket against Dogtag:
> > 
> > https://www.pagure.io/dogtagpki/issue/3088
> > 
> > OpenJDK 11 moved to TLS v1.3, but didn't fully implement the spec: PHA
> > isn't
> > available. This is a requirement for our particular application.
> > 
> > It isn't clear why forcing TLS v1.2 didn't fix this issue. TLS v1.2 works
> > fine
> > on OpenJDK 8. IMO, this makes it a JDK11 bug. And not the type we have time
> > to
> > debug and figure out what broke in OpenJDK.
> > 
> > 
> > With the introduction of JSS's SSLEngine, we can work around this problem,
> > but
> > that isn't yet merged.
> > 
> > https://github.com/dogtagpki/jss/pull/150
> 
> Tricky. It's kinda inevitable that some things will break at some time. We
> have to decide whether Dogtag is a blocker for JDK 11 as system JDK.

FWIW, Dogtag is part of IPA, which is already a blocker for GA releases. But,
we're concurrently working on an alternative SSLEngine implementation that will
fix our problems by not using the JDK TLS stack.

- Alex

> --
> Andrew Haley  (he/him)
> Java Platform Lead Engineer
> Red Hat UK Ltd. <https://www.redhat.com>
> https://keybase.io/andrewhaley
> EAC8 43EB D3EF DB98 CC77 2FAD A5CD 6035 332F A671
> _______________________________________________
> devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
> 
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx