From ae8b8c3c53c7418d283f7ea55fc89e543b41c6da Mon Sep 17 00:00:00 2001
From: Francisco Ferrari Bihurriet <fferrari@redhat.com>
Date: Thu, 16 Oct 2025 19:05:38 +0200
Subject: [PATCH] OPENJDK-4013: Update nss.fips.cfg to grant CKA_SIGN and
 CKA_ENCRYPT to any CKO_SECRET_KEY

---
 src/java.base/share/conf/security/nss.fips.cfg.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/java.base/share/conf/security/nss.fips.cfg.in b/src/java.base/share/conf/security/nss.fips.cfg.in
index 55bbba98b7aa3..6de716e6b42e4 100644
--- a/src/java.base/share/conf/security/nss.fips.cfg.in
+++ b/src/java.base/share/conf/security/nss.fips.cfg.in
@@ -4,5 +4,5 @@ nssSecmodDirectory = ${fips.nssdb.path}
 nssDbMode = readWrite
 nssModule = fips
 
-attributes(*,CKO_SECRET_KEY,CKK_GENERIC_SECRET)={ CKA_SIGN=true }
+attributes(*,CKO_SECRET_KEY,*)={ CKA_SIGN=true CKA_ENCRYPT=true }