Iwan Igonin

> The Red Hat JDK 21, for example, has a default of fips.keystore.type: PKCS12 @terryquigleysas Thank you for pointing out those limitations. > We'd like to ensure that code checks...

@cwperks @reta I believe this PR is ready for review - can you take a look please?

@cwperks @peternied @terryquigleysas @scrawfor99 @dancristiancecoi Thanks, everyone, for your keen interest in reviewing this change. I should mention that this PR is still very much a WIP. My goal is...

All tests are now successfully running without requiring the BC libraries, by leveraging only the SUN and BCFIPS providers. This demonstrates that including BC libraries in the build process is...

Previously, my main focus was on running the entire test suite without the BC non-FIPS libraries, which was successfully achieved. Now, the latest changes affect FIPS compatibility by running all...

@peternied Are we moving in the right direction?

> Directionally this is looking solid, I've got some background questions to make sure I understand some of the tradeoffs. Definitely, can we set up a direct call? I've contacted...

In the latest commit, the JVM parameter `fips.approved=true` was replaced with the environment variable `OPENSEARCH_CRYPTO_STANDARD=FIPS-140-2`. Additionally, the thread-based solution for enabling FIPS mode was substituted with an extra JVM parameter,...

[fips_build_tooling](https://github.com/opensearch-project/OpenSearch/pull/17907) needs to be merged before this can be opened for review.