Startsida Utforska Hjälp
Logga in
lqb
/
elasticsearch
spegling av https://gitee.com/mirrors/elasticsearch.git
1
0
Fork 0
Filer Ärenden 0 Wiki
Bläddra i källkod

Remove limitation for SAML encryption in FIPS mode (#48948)

Our documentation regarding FIPS 140 claimed that when using SAML
in a JVM that is configured in FIPS approved only mode, one could
not use encrypted assertions. This stemmed from a wrong
understanding regarding the compliance of RSA-OAEP which is used
as the key wrapping algorithm for encrypting the key with which the
SAML Assertion is encrypted.

However, as stated for instance in
https://downloads.bouncycastle.org/fips-java/BC-FJA-SecurityPolicy-1.0.0.pdf
RSA-OAEP is approved for key transport, so this limitation is not
effective.

This change removes the limitation from our FIPS 140 related
documentation.
Ioannis Kakavas 6 år sedan
förälder
257e45d217
incheckning
75b31253d6
1 ändrade filer med 0 tillägg och 2 borttagningar
Delad Vy Visa Diff Statistik
  1. 0 2
      x-pack/docs/en/security/fips-140-compliance.asciidoc

+ 0 - 2
x-pack/docs/en/security/fips-140-compliance.asciidoc
Visa fil 

@@ -121,5 +121,3 @@ features are not available while running in fips mode. The list is as follows:
 
   can be later used in the FIPS 140-2 enabled JVM.
 
 * The SQL CLI client cannot run in a FIPS 140-2 enabled JVM while using
 
   TLS for transport security or PKI for client authentication.
 
-* The SAML Realm cannot decrypt and consume encrypted Assertions or encrypted
 
-  attributes in Attribute Statements from the SAML IdP.