Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-73334

plugin is not FIPS compliant

XMLWordPrintable

    • Icon: New Feature New Feature
    • Resolution: Fixed
    • Icon: Minor Minor
    • credentials-plugin
    • None
    • 1361.v56f5ca_35d21c

      The Credentials plugin uses a hard coded PKCS#12 store for CertificateCredentialsImpl (KeyStoreSource)

       

      PKCS#12 is not FIPS compliant due to the use of the outer integrity check.

       

      As such this functionality should not be usable when in FIPS mode.

          [JENKINS-73334] plugin is not FIPS compliant

          James Nord created issue -
          James Nord made changes -
          Assignee New: James Nord [ teilo ]
          James Nord made changes -
          Status Original: Open [ 1 ] New: In Progress [ 3 ]
          James Nord made changes -
          Status Original: In Progress [ 3 ] New: In Review [ 10005 ]
          James Nord made changes -
          Remote Link New: This issue links to "jenkinsci/credentials-plugin#539 (Web Link)" [ 29700 ]
          James Nord made changes -
          Released As New: 1371.vfee6b_095f0a_3
          Resolution New: Fixed [ 1 ]
          Status Original: In Review [ 10005 ] New: Resolved [ 5 ]
          James Nord made changes -
          Status Original: Resolved [ 5 ] New: Closed [ 6 ]
          James Nord made changes -
          Released As Original: 1371.vfee6b_095f0a_3 New: 1361.v56f5ca_35d21c
          James Nord made changes -
          Remote Link New: This issue links to "BC support for updated PBE in PKCS#12 (Web Link)" [ 29822 ]

            teilo James Nord
            teilo James Nord
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: