This does not appear to be a JDK issue. You are using JAR files from
Bouncy Castle, so I think you should contact them for assistance.
Thanks,
Sean
On 10/8/25 3:26 AM, Isha K wrote:
Hi
This mail is to check with you on two issues we are facing.
1. In our application, for the TLS handshake, we are using Tomcat 10.1.44
server along with JDK 17.0.3+7.
In our application, we observed that in non-FIPS mode using the TLS 1.2/
TLS 1.3 protocol, session tickets are sent, but not in FIPS mode where we
are using bcfips-2.0.1, bctls-fips-2.0.20, bcutil-fips-2.0.3 and
bcpkix-fips-2.0.8 jars.
Is it expected behaviour? I checked online but didn't find any
supporting statements.
2. In non-FIPS we had this property javax.net.debug in jvm.properties
which would give us details on the handshake in the catalina.out file, but
in FIPS this property is not working.
To enable FIPS we are setting bcfips, bcjsse provider as 1st and 2nd
priority in the java.security file.
Please let me know if any other details are required.
Your response will help us in narrowing down the issue and working on the
actual ones.
Waiting keenly for your response.
Regards
Raveena