activemq-users mailing list archives

From mickhayes <>
Subject Re: FIPS 140-2
Date Thu, 21 Jun 2012 14:10:37 GMT
I came across this FIPS topic on introduction of Mozilla NSS in our
organisation (we have a fairly detailed procedure when new FOSS software is

To answer the question, ActiveMQ isn't on the published lists, so the answer
is no - a product is not compliant until it has been certified as such.
Once a module is validated, then it's on the validated lists:

However, I would question whether ActiveMQ needs to be - perhaps a "FIPS
mode" would suffice.

Consider NSS. Now it's validated - FIPS 140-2 compliant. So Firefox has a
FIPS mode. Once you have a password for your "encryption device" you can
turn on FIPS mode.

ActiveMQ - like Firefox - doesn't itself own or develop any cryptographic
At a simple level, for encrypted passwords, the Apache V2-licensed jasypt
library is used
Jasypt relies on JCE. 

You can see on which JCE modules have been validated as

Note the concept of "FIPS mode" - explained well here:

Michael Hayes B.Sc. (NUI), M.Sc. (DCU), SCSA SCNA 
