You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
disabled section in ssl-fips page about docker image until docker image is finalised (#1848) (#1849)
the FIPS features had to be rolled back from the docker image, so we
need to remove that section of the documentation for now. It will return
once the docker image name is finalised so I only commented out the
relevant bits.
Co-authored-by: Jenny Owen <[email protected]>
Copy file name to clipboardExpand all lines: modules/ROOT/pages/security/ssl-fips-compatibility.adoc
+28-28Lines changed: 28 additions & 28 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -20,38 +20,38 @@ Only xref:installation/requirements.adoc#deployment-requirements-software[Linux
20
20
* Install and configure a non-native authentication provider, for example LDAP or SSO. See xref:authentication-authorization/index.adoc[].
21
21
22
22
23
-
[[fips-ssl-provider-docker]]
24
-
== Enable FIPS SSL provider (Docker)
25
-
26
-
The Neo4j RedHat UBI9 Docker image comes with the SSL provider and dependencies pre-installed, but it is not enabled by default.
27
-
28
-
[NOTE]
29
-
====
30
-
The Debian based Neo4j Docker image does *not* support FIPS compatible encryption.
31
-
====
32
-
33
-
To enable the OpenSSL FIPS provider, set the environment variable `NEO4J_OPENSSL_FIPS_ENABLE=true` when starting the container.
34
-
35
-
[source, console, subs="attributes"]
36
-
.Example of starting a Neo4j UBI9 container with FIPS enable flag set.
37
-
----
38
-
docker run -it --rm \
39
-
--publish=7474:7474 \
40
-
--publish=7687:7687 \
41
-
--env=NEO4J_OPENSSL_FIPS_ENABLE=true \
42
-
--volume=$HOME/neo4j/data:/data \
43
-
--volume=$HOME/neo4j/conf:/conf \
44
-
--volume=$HOME/neo4j/certificates:/ssl \
45
-
neo4j:{neo4j-version-exact}-enterprise-ubi9
46
-
----
23
+
// [[fips-ssl-provider-docker]]
24
+
// == Enable FIPS SSL provider (Docker)
25
+
//
26
+
// The Neo4j RedHat UBI9 Docker image comes with the SSL provider and dependencies pre-installed, but it is not enabled by default.
27
+
//
28
+
// [NOTE]
29
+
// ====
30
+
// The Debian based Neo4j Docker image does *not* support FIPS compatible encryption.
31
+
// ====
32
+
//
33
+
// To enable the OpenSSL FIPS provider, set the environment variable `NEO4J_OPENSSL_FIPS_ENABLE=true` when starting the container.
34
+
//
35
+
// [source, console, subs="attributes"]
36
+
// .Example of starting a Neo4j UBI9 container with FIPS enable flag set.
37
+
// ----
38
+
// docker run -it --rm \
39
+
// --publish=7474:7474 \
40
+
// --publish=7687:7687 \
41
+
// --env=NEO4J_OPENSSL_FIPS_ENABLE=true \
42
+
// --volume=$HOME/neo4j/data:/data \
43
+
// --volume=$HOME/neo4j/conf:/conf \
44
+
// --volume=$HOME/neo4j/certificates:/ssl \
45
+
// neo4j:{neo4j-version-exact}-enterprise-ubi9
46
+
// ----
47
47
48
48
[[fips-ssl-provider]]
49
49
== Enable FIPS SSL provider
50
50
51
-
[IMPORTANT]
52
-
====
53
-
Skip this section if using Neo4j in Docker.
54
-
====
51
+
// [IMPORTANT]
52
+
// ====
53
+
// Skip this section if using Neo4j in Docker.
54
+
// ====
55
55
56
56
The secure networking in Neo4j is provided through the Netty library, which supports both the native JDK SSL provider and Netty-supported OpenSSL derivatives.
57
57
Specifically Netty's _Forked Tomcat Native_ library called https://github.com/netty/netty-tcnative[netty-tcnative].
0 commit comments