Taking TIBCO MFT Internet Server Out of FIPS Mode

You can manually take TIBCO MFT Internet Server out of FIPS mode if you have enabled it.

If you manually enabled FIPS mode, you will have to undo the changes you made when putting MFT into FIPS mode. If FIPS was automatically configured during installation, see Configuring FIPS 140-2 for more details on which files to edit.

Procedure

  1. Remove FIPS certified cryptographic provider from the list of providers in the java.security file.
    Note: When removing the cryptographic provider from the java.security file, you can either comment out the line with the pound sign (#) or delete the line. You must fix the order of the providers after that.
  2. Set the MFT environment variable FIPS_MODE to false in the setenv.sh file.
  3. Remove the provider name from SSHSecurityProvider parameter in the web.xml file.
  4. Restart the server.