Configuring BouncyCastle FIPS 140-2
You can enable FIPS mode and configure BouncyCastle FIPS 140-2. Before you configure BouncyCastle FIPS 140-2, see the following sections:
Note: When running in BouncyCastle FIPS mode, only Elliptic Curve Diffie-Hellman ciphers are supported. In FIPS mode, an RSA key that has been used for encrypting/decrypting is not allowed to be used again for signing/verifying. SSL/TLS is particularly prone to this problem, especially if keys are shared by clients and servers. Therefore, only Elliptic Curve Diffie-Hellman ciphers are allowed for FTPS, Platform Server SSL, Platform Server Tunnel, and HTTPS client and server requests. While Elliptic Curve ciphers are supported in recent client and server software, some old software does not support them. You must ensure that all client and server software supports Elliptic Curve ciphers. See the Release Notes for the minimum versions required to use Elliptic Curve ciphers when using TIBCO® Managed File Transfer Platform Server for Windows or TIBCO® Managed File Transfer Platform Server for UNIX.
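The rule in the note can be checked against a peer's cipher suite list before FIPS mode is enabled. The following is an added example, not code from TIBCO or BouncyCastle; it assumes suites are listed by their IANA/JSSE names, that names starting TLS_ECDHE_ or TLS_ECDH_ count as Elliptic Curve Diffie-Hellman, and the two sample client lists are constructed.

```python
import re

# Assumption: IANA/JSSE suite names; TLS_ECDHE_* and TLS_ECDH_* both count as
# "Elliptic Curve Diffie-Hellman" for the purposes of the note above.
EC_DH = {"ECDHE", "ECDH"}
REASONS = {
    "RSA": "RSA key transport: the server RSA key decrypts the premaster secret",
    "DHE": "finite-field Diffie-Hellman, not elliptic curve",
    "DH": "finite-field Diffie-Hellman, not elliptic curve",
}
_SUITE = re.compile(r"^(?:TLS|SSL)_(?P<kx>.+?)_WITH_")

def key_exchange(suite):
    """Return the key exchange named by a suite, or None if the name has none."""
    m = _SUITE.match(suite.strip().upper())
    if m is None:
        return None  # TLS 1.3 names such as TLS_AES_128_GCM_SHA256
    # TLS_ECDHE_RSA_WITH_... -> "ECDHE" (RSA here only signs the handshake)
    return m.group("kx").split("_", 1)[0]

def audit_peer(offered):
    """Sort a peer's offered suites under the ECDH-only rule."""
    report = {"usable": [], "rejected": {}, "undetermined": []}
    for suite in offered:
        kx = key_exchange(suite)
        if kx is None:
            report["undetermined"].append(suite)
        elif kx in EC_DH:
            report["usable"].append(suite)
        else:
            report["rejected"][suite] = REASONS.get(
                kx, "not an Elliptic Curve Diffie-Hellman key exchange")
    report["has_ecdh_suite"] = bool(report["usable"])
    return report

# Constructed sample offers, not captured from any real product.
LEGACY_CLIENT = ["TLS_RSA_WITH_AES_128_CBC_SHA",
                 "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"]
MODERN_CLIENT = ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                 "TLS_RSA_WITH_AES_256_GCM_SHA384",
                 "TLS_AES_128_GCM_SHA256"]

if __name__ == "__main__":
    for name, offer in (("legacy", LEGACY_CLIENT), ("modern", MODERN_CLIENT)):
        print(name, audit_peer(offer))
```

A peer whose report shows has_ecdh_suite as False and nothing undetermined offers no suite that satisfies the note by name; which suites the product actually enables is decided by its own configuration and Release Notes.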
Procedure
Copyright © 2021. Cloud Software Group, Inc. All Rights Reserved.