Configuring IBM Java FIPS 140-2 Manually
You can enable the FIPS mode during TIBCO MFT Internet Server installation. In this case, the installer configures FIPS mode automatically and no further action is necessary. If you do not enable FIPS mode during TIBCO MFT Internet Server installation, you have to go through the required configurations to enable FIPS 140-2 manually.
For information on how to enable FIPS mode manually, see Enabling FIPS Mode Manually.
For information on how to take the MFT server out of FIPS mode, see Taking the MFT Server out of FIPS mode.
Tomcat 9 ignores any cipher suite starting with SSL. This is a problem when running on IBM Java because IBM TLS cipher suites start with SSL. The MFT Installer handles the conversion, this is only an issue if you are manually editing the cipher suites in the server.xml file.
For example:
In the server.xml file, you must enter SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 as TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384.
However, in the web.xml file, you must leave the cipher suites in the IBM format starting with SSL.