Configuring IBM JAVA FIPS 140-2
This section will guide you through the required configuration steps to enable TIBCO MFT Internet Server to be compliant with IBM JAVA FIPS 140-2 processing.
Important: Tomcat 9 ignores any cipher suite starting with SSL. This is a problem when running on IBM Java because IBM TLS cipher suites start with SSL. The MFT Installer handles the conversion, this is only an issue if you are manually editing the cipher suites in the
server.xml file.
For example:
In the server.xml file, you must enter SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 as TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384.
However, in the web.xml file, you must leave the cipher suites in the IBM format starting with SSL.
Copyright © 2021. Cloud Software Group, Inc. All Rights Reserved.