Merged
56 changes: 28 additions & 28 deletions modules/ROOT/pages/security/ssl-fips-compatibility.adoc
Expand Up @@ -20,38 +20,38 @@ Only xref:installation/requirements.adoc#deployment-requirements-software[Linux
* Install and configure a non-native authentication provider, for example LDAP or SSO. See xref:authentication-authorization/index.adoc[].


[[fips-ssl-provider-docker]]
== Enable FIPS SSL provider (Docker)

The Neo4j RedHat UBI9 Docker image comes with the SSL provider and dependencies pre-installed, but it is not enabled by default.

[NOTE]
====
The Debian based Neo4j Docker image does *not* support FIPS compatible encryption.
====

To enable the OpenSSL FIPS provider, set the environment variable `NEO4J_OPENSSL_FIPS_ENABLE=true` when starting the container.

[source, console, subs="attributes"]
.Example of starting a Neo4j UBI9 container with FIPS enable flag set.
----
docker run -it --rm \
--publish=7474:7474 \
--publish=7687:7687 \
--env=NEO4J_OPENSSL_FIPS_ENABLE=true \
--volume=$HOME/neo4j/data:/data \
--volume=$HOME/neo4j/conf:/conf \
--volume=$HOME/neo4j/certificates:/ssl \
neo4j:{neo4j-version-exact}-enterprise-ubi9
----
// [[fips-ssl-provider-docker]]
// == Enable FIPS SSL provider (Docker)
//
// The Neo4j RedHat UBI9 Docker image comes with the SSL provider and dependencies pre-installed, but it is not enabled by default.
//
// [NOTE]
// ====
// The Debian based Neo4j Docker image does *not* support FIPS compatible encryption.
// ====
//
// To enable the OpenSSL FIPS provider, set the environment variable `NEO4J_OPENSSL_FIPS_ENABLE=true` when starting the container.
//
// [source, console, subs="attributes"]
// .Example of starting a Neo4j UBI9 container with FIPS enable flag set.
// ----
// docker run -it --rm \
// --publish=7474:7474 \
// --publish=7687:7687 \
// --env=NEO4J_OPENSSL_FIPS_ENABLE=true \
// --volume=$HOME/neo4j/data:/data \
// --volume=$HOME/neo4j/conf:/conf \
// --volume=$HOME/neo4j/certificates:/ssl \
// neo4j:{neo4j-version-exact}-enterprise-ubi9
// ----

[[fips-ssl-provider]]
== Enable FIPS SSL provider

[IMPORTANT]
====
Skip this section if using Neo4j in Docker.
====
// [IMPORTANT]
// ====
// Skip this section if using Neo4j in Docker.
// ====

The secure networking in Neo4j is provided through the Netty library, which supports both the native JDK SSL provider and Netty-supported OpenSSL derivatives.
Specifically Netty's _Forked Tomcat Native_ library called https://github.com/netty/netty-tcnative[netty-tcnative].
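
Review bot: Commenting out the Docker section at the top of this hunk also disables the `[[fips-ssl-provider-docker]]` anchor, so any xref to that ID from other pages will stop resolving; please search the docs for references to it before merging, or keep the anchor live. The block is hidden rather than deleted with no explanation, so add a one-line AsciiDoc comment above it saying why it is disabled and under what condition it should be restored, or delete it and rely on version control. Hiding it also removes two caveats readers previously saw: the NOTE that the Debian-based image does not support FIPS-compatible encryption, and the IMPORTANT block `Skip this section if using Neo4j in Docker.` under `== Enable FIPS SSL provider`. With both gone, a Docker user lands on the manual netty-tcnative steps with no guidance on whether they apply. If FIPS is currently unsupported or unverified in the Docker images, say so in a visible note rather than leaving the page silent on it.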