Commit Graph

5 Commits

Author SHA1 Message Date
Ioannis Kakavas 2ea3073a5e
Use BCFIPS 1.0.2 in our CI (#63116)
Bouncy Castle's BC-FJA-1.0.2 has been certified for a while now
but we had noticed that it seems to be rather entropy hungry and
ES would start very slowly ( and tests would take forever )
because of blocking calls to /dev/random.

We verified that this is resolved when enabling hw RNG or a
software one like haveged. While rng-tools should be suggested for
production uses, our ephemeral workers have haveged installed
which should work just fine for CI.

Backport of 63099
2020-10-01 14:48:53 +03:00
Ioannis Kakavas 7b021bf3fb
Run zulu8 fips CI with BCJSSE instead of SunJSSE (#61857)
As we figured out in
https://github.com/elastic/elasticsearch/issues/61316#issuecomment-685482708
Azul brings back a lot of changes from JDK 11 to their Zulu8 build
and this means that we can't run this with SunJSSE in FIPS 140 mode.

This change ensures that we configure Zulu8 JDK JVMs in FIPS 140
mode, using the bouncy castle JSSE FIPS provider, instead of the
SunJSSE one ( as we do for the rest of the java 8 JVMs )

Resolves: #61316
2020-09-04 14:53:43 +03:00
Jake Landis cb9f4cdae2
Fix the REST FIPS tests (#61001)
Adds bouncycastle to classpath for tests and testclusters
2020-08-13 16:23:54 -07:00
Rene Groeschke f8a63bbdb5
Fix deprecation warning in fips.gradle (#60802) 2020-08-06 10:09:05 +02:00
Ryan Ernst 6ccdceec79
Move test fips configuration to script plugin (#57251)
This commit moves the configuration of all test jvms for fips to a
script plugin. Fips testing is something very specific to the
Elasticsearch build and does not need to be passed on to plugin authors.
2020-06-01 10:43:54 -07:00