Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix TLS MSSQL test in FIPS-enabled environment and disable non-TLS MSSQL tests in FIPS-enabled environment #2097

Merged
merged 1 commit into from
Oct 17, 2024
Merged

Fix TLS MSSQL test in FIPS-enabled environment and disable non-TLS MSSQL tests in FIPS-enabled environment #2097

merged 1 commit into from
Oct 17, 2024

Conversation

michalvavrik
Copy link
Member

Summary

Looks like secured communication is required and cannot be disabled in MSSQL JDBC driver by no means I had tried based on https://learn.microsoft.com/en-us/sql/connect/jdbc/fips-mode?view=sql-server-ver16 (no, FIPS property doesn't work). I have tried several providers including SunPKCS11 with RH OpenJDK 17/21 and BouncyCastle FIPS, but only provider that did the trick for MSSQL JDBC driver was BouncyCastle JSSE FIPS. However this provide is not native compatible as documented here https://quarkus.io/guides/security-customization#bouncy-castle-jsse-fips (I tried it, doesn't work). So what this PR does:

  • we have one TLS MSSQL test, that is migrated to BC JSSE FIPS so that we test MSSQL in FIPS-enabled environment
  • remaining MSSQL tests that doesn't use secured communication are disabled in FIPS as native is more important

Note: I tried to migrate all the SQL Server tests to the BC JSSE FIPS and it works.

Please select the relevant options.

  • Bug fix (non-breaking change which fixes an issue)
  • Dependency update
  • Refactoring
  • Backport
  • New scenario (non-breaking change which adds functionality)
  • This change requires a documentation update
  • This change requires execution against OCP (use run tests phrase in comment)

Checklist:

  • Methods and classes used in PR scenarios are meaningful
  • Commits are well encapsulated and follow the best practices

@michalvavrik michalvavrik requested a review from gtroitsk October 16, 2024 19:36
@michalvavrik michalvavrik force-pushed the feature/mssql-fips-debugging branch from 0e3f1c9 to 204d13b Compare October 16, 2024 20:39
gtroitsk
gtroitsk approved these changes Oct 16, 2024
View reviewed changes
Copy link
Member

@gtroitsk gtroitsk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@michalvavrik michalvavrik merged commit 621db7b into quarkus-qe:main Oct 17, 2024
7 checks passed
@michalvavrik michalvavrik deleted the feature/mssql-fips-debugging branch October 17, 2024 07:47
@michalvavrik michalvavrik mentioned this pull request Oct 17, 2024
Merged
9 tasks
@michalvavrik michalvavrik mentioned this pull request Oct 18, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gtroitsk gtroitsk gtroitsk approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@michalvavrik @gtroitsk