Chapter 2. Differences from upstream OpenJDK 17

OpenJDK in Red Hat Enterprise Linux contains a number of structural changes from the upstream distribution of OpenJDK. The Windows version of OpenJDK attempts to follow Red Hat Enterprise Linux updates as closely as possible.

The following list details the most notable Red Hat OpenJDK 17 changes:

  • FIPS support. Red Hat OpenJDK 17 automatically detects whether the RHEL system is in FIPS mode and automatically configures OpenJDK 17 to operate in that mode. This change does not apply to OpenJDK builds for Microsoft Windows.
  • Cryptographic policy support. Red Hat OpenJDK 17 obtains the list of enabled cryptographic algorithms and key size constraints, which are used by for the TLS, a certificate path validation, and signed JARs, from the Red Hat Enterprise Linux system configuration. You can set different security profiles to balance safety and compatibility. This change does not apply to OpenJDK builds for Microsoft Windows.
  • Red Hat Enterprise Linux dynamically links against native libraries such as zlib for archive format support and libjpeg-turbo, libpng, and giflib for image support. RHEL also dynamically links against Harfzbuzz and Freetype for font rendering and management.
  • The file includes the source for all of the JAR libraries shipped with OpenJDK.
  • Red Hat Enterprise Linux uses system-wide timezone data files as a source for timezone information.
  • Red Hat Enterprise Linux uses system-wide CA certificates.
  • Microsoft Windows includes the latest available timezone data from Red Hat Enterprise Linux.
  • Microsoft Windows uses the latest available CA certificate from Red Hat Enterprise Linux.

Additional resources