tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <>
Subject Re: Is Tomcat5.0 FIPS compliant?
Date Mon, 14 Jan 2008 14:01:16 GMT
robingandhi21 wrote:
> Info regarding FIPS is:The Federal Information Processing Standard 140-1
> (FIPS 140-1) and its successor FIPS 140-2 are United States Government
> standards that provide a benchmark for implementing cryptographic software.
> They specify best practices for implementing crypto algorithms, handling key
> material and data buffers, and working with the operating system.

It's a boolean, a certificate is issued or it's not.

demonstrates one provider, IBM JSSE 1.1 operating in FIPS mode, that
has that FIPS-140-2 certification, along with a host of hardware
solutions.  I didn't see any other JSSE provider, but didn't read it
that closely for you.

Tomcat doesn't implement cryptography but consumes a crypto provider,
so you have to look at the underlying components, or configure a
solution leveraging FIPS certified hardware, which is why your post
didn't garner much attention from Tomcat devs.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message