![]() |
Copyright © TIBCO Software Inc. All Rights Reserved |
• Ensure that the ssl_server_ciphers parameter for the EMS server is configured to use a supported cipher suite. Supported cipher suites are listed below.When fips140-2 is enabled, on start-up the EMS server initializes in compliance with FIPS 140-2. If the initialization is successful, the EMS server prints a message indicating that it is operating in this mode. If the initialization fails, the server exits (regardless of the startup_abort_list setting).In order to operate in FIPS compliant mode, you must not include these parameters in the tibemsd.conf file:These parameters cannot be included in the routes.conf file:
• Java Clients Java clients that use JSSE can operate in FIPS 140-2 compliant mode by using a FIPS 140-2 compliant cryptographic provider that supports the PKCS#11 interface. This interface is described in the Oracle documentation. A good starting point is the PKCS#11 Reference Guide. See https://docs.oracle.com/javase/8/docs/technotes/guides/security/p11guide.html. You are responsible for procuring and configuring such a provider.
− Modify the JAVA_HOME/lib/security/java.security file to include the PKCS#11 provider and the location of the relevant configuration file. Please refer to the Java documentation for additional details: https://docs.oracle.com/javase/8/docs/technotes/guides/security/p11guide.html#Config.
− Set the com.tibco.tibjms.ssl.PKCS11 property to true before calling any EMS methods.
• C Clients C clients that link to the dynamic EMS libraries can operate in FIPS 140-2 compliant mode. FIPS compliance is not available with static libraries.
![]() |
Copyright © TIBCO Software Inc. All Rights Reserved |