Lesley,

On 2/12/16 1:31 PM, Lesley Kimmel wrote:
> I am looking into how to enable FIPS in Tomcat. The way I interpret
> is that I can either use APR connectors with a FIPS-enabled OpenSSL
> or configure the java installation to utilize a 3rd party FIPS
> library (e.g. JSafe). Is that correct?

Correct.

There are some Linux package managers that already provide a FIPS-capable OpenSSL library. I'm thinking specifically about Amazon Linux which I'm wildly guessing is only available if you are running in AWS. Other package managers may already have done the FIPS-related legwork for you as well.

Once you have a FIPS-capable library (be it OpenSSL or a FIPS-capable JSSE implementation), configuring Tomcat to use it is fairly trivial.

The nice part about Tomcat's use of OpenSSL is that Tomcat can be configured to *fail* if FIPS-mode is not enabled. I don't believe the same is true for an arbitrary JSSE implementation.

-chris
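An added example, not part of the original message and not Tomcat project code: a Python check that reads a server.xml and reports whether the APR/OpenSSL route discussed above is set up so that FIPS mode is requested through the AprLifecycleListener's FIPSMode attribute. The two sample configurations are constructed, and treating only an explicit Http11AprProtocol connector as OpenSSL-backed is this example's assumption.

```python
import xml.etree.ElementTree as ET

APR_LISTENER = "org.apache.catalina.core.AprLifecycleListener"
APR_PROTOCOL = "org.apache.coyote.http11.Http11AprProtocol"
# FIPSMode values other than the default "off"; with one of these set,
# Tomcat asks OpenSSL for FIPS mode instead of silently running without it.
FIPS_VALUES = {"on", "require", "enter"}

def audit_server_xml(xml_text):
    """Return a list of findings; an empty list means the checks passed."""
    root = ET.fromstring(xml_text)
    findings = []
    listeners = [el for el in root.iter("Listener")
                 if el.get("className") == APR_LISTENER]
    if not listeners:
        findings.append("no AprLifecycleListener: OpenSSL/FIPS not enforced")
    for el in listeners:
        if el.get("SSLEngine", "on").lower() == "off":
            findings.append("AprLifecycleListener has SSLEngine=off")
        if el.get("FIPSMode", "off").lower() not in FIPS_VALUES:
            findings.append("FIPSMode is off or unset: no FIPS requirement")
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP/AJP connector, no TLS library involved
        if conn.get("protocol") != APR_PROTOCOL:
            findings.append("TLS connector on port %s uses protocol %r, not APR"
                            % (conn.get("port"), conn.get("protocol")))
    return findings

# Constructed sample configurations (not taken from the thread).
ENFORCED = """<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.core.AprLifecycleListener"
            SSLEngine="on" FIPSMode="on"/>
  <Service name="Catalina">
    <Connector port="8443" SSLEnabled="true"
               protocol="org.apache.coyote.http11.Http11AprProtocol"/>
  </Service>
</Server>"""
NOT_ENFORCED = """<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.core.AprLifecycleListener"
            SSLEngine="on"/>
  <Service name="Catalina">
    <Connector port="8443" SSLEnabled="true"
               protocol="org.apache.coyote.http11.Http11NioProtocol"/>
  </Service>
</Server>"""

if __name__ == "__main__":
    for name, cfg in (("ENFORCED", ENFORCED), ("NOT_ENFORCED", NOT_ENFORCED)):
        print(name, audit_server_xml(cfg) or "ok")
```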