-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Chris,
On 1/13/2011 11:45 AM, Chris Beckey wrote: > Unfortunately this is a non-negotiable issue with the client, I have to run > in FIPS mode. Gotcha. Can you run in JSSE FIPS mode until Tomcat supports the configuration directly? > Yes, I would be willing to test the addition of a FIPS mode switch to > Tomcat. Great. Add yourself to the CC list of the bugzilla enhancement I added so you can get updates. > The other option is for myself to make the change. It has been a > while since I touched JNI so it would probably be much faster for you to > make the change. Heh... you are under the mistaken impression that I'm a great JNI master. Seriously, though, it ought to be pretty simple: add a flag for FIPS mode, then make sure the SSLContext knows about it. > What I found on running JSSE are the following links: According to markt, JSSE FIPS mode can be configured independently of Tomcat, so there's nothing in the Tomcat configuration that needs improvement for that. Only using APR FIPS mode will require such changes. Please confirm that via comment in bugzilla. Thanks, - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk0vVNwACgkQ9CaO5/Lv0PBN3QCgoLWTTfG/Vnw6C4COQ4RXo0zO LzEAnRHUYnOu86OpiA+cGbvhZLkJqoE8 =sAFz -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
