rh-openjdk · gnu-andrew · Aug 29, 2022 · Nov 15, 2021
diff --git a/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java b/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java
@@ -537,40 +537,22 @@ private abstract static class AbstractTLSContext extends SSLContextImpl {
         private static final List<CipherSuite> serverDefaultCipherSuites;
 
         static {
-            if (SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
-                    .isSystemFipsEnabled()) {
-                // RH1860986: TLSv1.3 key derivation not supported with
-                // the Security Providers available in system FIPS mode.
-                supportedProtocols = Arrays.asList(
-                    ProtocolVersion.TLS12,
-                    ProtocolVersion.TLS11,
-                    ProtocolVersion.TLS10
-                );
-
-                serverDefaultProtocols = getAvailableProtocols(
-                        new ProtocolVersion[] {
-                    ProtocolVersion.TLS12,
-                    ProtocolVersion.TLS11,
-                    ProtocolVersion.TLS10
-                });
-            } else {
-                supportedProtocols = Arrays.asList(
-                    ProtocolVersion.TLS13,
-                    ProtocolVersion.TLS12,
-                    ProtocolVersion.TLS11,
-                    ProtocolVersion.TLS10,
-                    ProtocolVersion.SSL30,
-                    ProtocolVersion.SSL20Hello
-                );
-
-                serverDefaultProtocols = getAvailableProtocols(
-                        new ProtocolVersion[] {
-                    ProtocolVersion.TLS13,
-                    ProtocolVersion.TLS12,
-                    ProtocolVersion.TLS11,
-                    ProtocolVersion.TLS10
-                });
-            }
+            supportedProtocols = Arrays.asList(
+                ProtocolVersion.TLS13,
+                ProtocolVersion.TLS12,
+                ProtocolVersion.TLS11,
+                ProtocolVersion.TLS10,
+                ProtocolVersion.SSL30,
+                ProtocolVersion.SSL20Hello
+            );
+
+            serverDefaultProtocols = getAvailableProtocols(
+                    new ProtocolVersion[] {
+                ProtocolVersion.TLS13,
+                ProtocolVersion.TLS12,
+                ProtocolVersion.TLS11,
+                ProtocolVersion.TLS10
+            });
 
             supportedCipherSuites = getApplicableSupportedCipherSuites(
                     supportedProtocols);
@@ -861,23 +843,12 @@ private static List<ProtocolVersion> customizedProtocols(
             ProtocolVersion[] candidates;
             if (refactored.isEmpty()) {
                 // Client and server use the same default protocols.
-                if (SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
-                        .isSystemFipsEnabled()) {
-                    // RH1860986: TLSv1.3 key derivation not supported with
-                    // the Security Providers available in system FIPS mode.
-                    candidates = new ProtocolVersion[] {
-                            ProtocolVersion.TLS12,
-                            ProtocolVersion.TLS11,
-                            ProtocolVersion.TLS10
-                        };
-                } else {
-                    candidates = new ProtocolVersion[] {
-                            ProtocolVersion.TLS13,
-                            ProtocolVersion.TLS12,
-                            ProtocolVersion.TLS11,
-                            ProtocolVersion.TLS10
-                        };
-                }
+                candidates = new ProtocolVersion[] {
+                        ProtocolVersion.TLS13,
+                        ProtocolVersion.TLS12,
+                        ProtocolVersion.TLS11,
+                        ProtocolVersion.TLS10
+                    };
             } else {
                 // Use the customized TLS protocols.
                 candidates =

diff --git a/src/java.base/share/classes/sun/security/ssl/SunJSSE.java b/src/java.base/share/classes/sun/security/ssl/SunJSSE.java
@@ -27,8 +27,6 @@
 
 import java.security.*;
 import java.util.*;
-
-import jdk.internal.access.SharedSecrets;
 import static sun.security.util.SecurityConstants.PROVIDER_VER;
 
 /**
@@ -104,13 +102,8 @@ private void doRegister() {
             "sun.security.ssl.SSLContextImpl$TLS11Context", null, null);
         ps("SSLContext", "TLSv1.2",
             "sun.security.ssl.SSLContextImpl$TLS12Context", null, null);
-        if (!SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
-                .isSystemFipsEnabled()) {
-            // RH1860986: TLSv1.3 key derivation not supported with
-            // the Security Providers available in system FIPS mode.
-            ps("SSLContext", "TLSv1.3",
-                "sun.security.ssl.SSLContextImpl$TLS13Context", null, null);
-        }
+        ps("SSLContext", "TLSv1.3",
+            "sun.security.ssl.SSLContextImpl$TLS13Context", null, null);
         ps("SSLContext", "TLS",
             "sun.security.ssl.SSLContextImpl$TLSContext",
             List.of("SSL"), null);