Enable EMS Clients
Java and C client applications can operate in FIPS compliance:
-
- Java Clients
- Java clients that use JSSE can operate in FIPS 140-2 compliant mode by using a FIPS 140-2 compliant cryptographic provider that supports the PKCS#11 interface. This interface is described in the Oracle documentation. A good starting point is the PKCS#11 Reference Guide. See https://docs.oracle.com/javase/8/docs/technotes/guides/security/p11guide.html. You are responsible for procuring and configuring such a provider.
- To enable FIPS 140-2 operations in the Java client:
- Download and install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files for your JDK installation. These files are available on the Sun Microsystems website.
- Install a FIPS 140-2 compliant cryptographic token (hardware or software) that has a PKCS#11 interface, as per the token provider’s instructions.
- You or the token provider should configure the cryptographic token.
- Modify the JAVA_HOME/lib/security/java.security file to include the PKCS#11 provider and the location of the relevant configuration file. Refer to the Java documentation for additional details: https://docs.oracle.com/javase/8/docs/technotes/guides/security/p11guide.html#Config.
- Set the com.tibco.tibjms.ssl.PKCS11 property to true before calling any EMS methods.
-
- C Clients
- C clients that link to the dynamic EMS libraries can operate in FIPS 140-2 compliant mode. FIPS compliance is not available with static libraries.
To enable FIPS 140-2 operations in the C client, use compliant OpenSSL libraries, and initialize the libraries to enable FIPS 140-2 operations before calling any EMS functions.
Copyright © 2021. Cloud Software Group, Inc. All Rights Reserved.