You can enable TIBCO Enterprise Message Service to run in compliance with Federal Information Processing Standard (FIPS), Publication 140-2.
The EMS server supports FIPS compliance only on Windows, Linux, and Solaris 10 (x86) platforms. On UNIX, only tibemsd64, the 64-bit version of the server, is supported. No 32-bit support is provided.
● Ensure that incompatible parameters, listed below, are not included in the server configuration files.When fips140-2 is enabled, on start-up the EMS server initializes in compliance with FIPS 140-2. If the initialization is successful, the EMS server prints a message indicating that it is operating in this mode. If the initialization fails, the server exits (regardless of the startup_abort_list setting).In order to operate in FIPS compliant mode, you must not include these parameters in the tibemsd.conf file:These parameters cannot be included in the routes.conf file:
● Java Clients Java clients that use the Entrust implementation of SSL, rather than the JSSE that is included with EMS, can operate in FIPS 140-2 complaint mode.
−
− Download and install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files for your JDK installation. These files are available on the Sun Microsystems website.
● C Clients C clients that link to the dynamic EMS libraries can operate in FIPS 140-2 compliant mode. FIPS compliance is not available with static libraries.To enable FIPS 140-2 operations in the C client, use compliant OpenSSL libraries, and initialize the libraries to enable FIPS 140-2 operations before calling any EMS functions.
C libraries support FIPS compliance only on Windows, Linux, and Solaris 10 (x86) platforms. On UNIX, only the 64-bit C libraries are supported. No 32-bit support is provided.
Copyright © TIBCO Software Inc. All Rights Reserved.