Chapter 2. Differences from upstream OpenJDK 17
OpenJDK in Red Hat Enterprise Linux contains a number of structural changes from the upstream distribution of OpenJDK. The Windows version of OpenJDK attempts to follow Red Hat Enterprise Linux updates as closely as possible.
The following list details the most notable Red Hat OpenJDK 17 changes:
- FIPS support. Red Hat OpenJDK 17 automatically detects whether the RHEL system is in FIPS mode and automatically configures OpenJDK 17 to operate in that mode. This change does not apply to OpenJDK builds for Microsoft Windows.
- Cryptographic policy support. Red Hat OpenJDK 17 obtains the list of enabled cryptographic algorithms and key size constraints, which are used by for the TLS, a certificate path validation, and signed JARs, from the Red Hat Enterprise Linux system configuration. You can set different security profiles to balance safety and compatibility. This change does not apply to OpenJDK builds for Microsoft Windows.
Red Hat Enterprise Linux dynamically links against native libraries such as
zlibfor archive format support and
giflibfor image support. RHEL also dynamically links against
Freetypefor font rendering and management.
src.zipfile includes the source for all of the JAR libraries shipped with OpenJDK.
- Red Hat Enterprise Linux uses system-wide timezone data files as a source for timezone information.
- Red Hat Enterprise Linux uses system-wide CA certificates.
- Microsoft Windows includes the latest available timezone data from Red Hat Enterprise Linux.
- Microsoft Windows uses the latest available CA certificate from Red Hat Enterprise Linux.
- For more information about detecting if a system is in FIPS mode, see the Improve system FIPS detection example on the Red Hat RHEL Planning Jira web page.
- For more information about cryptographic policies, see Using system-wide cryptographic policies in the Red Hat Enterprise Linux Security hardening guide.