tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <>
Subject Re: FIPS mode OpenSSL under Tomcat 6.0
Date Tue, 11 Jan 2011 17:18:29 GMT
Hash: SHA1


On 1/7/2011 4:24 PM, Chris Beckey wrote:
> I need to run a FIPS 140-2 certified SSL/TLS implementation under
> Tomcat 6.0.20.  I have OpenSSL configured and running but I cannot
> find a way to set FIPS mode in OpenSSL.

I don't think there's any way to configure OpenSSL via Tomcat other than
to specify the ciphers that OpenSSL will use for SSL.

> From the OpenSSL
> documentation it should be as simple as making a call to
> FIPS_mode_set(), probably from within the AprLifecycleListener but I
> can't find a configuration option nor any indication that
> FIPS_mode_set() method is visible in the tcnative library or JNI
> wrapper.

I can't find the string "fips" (case-insensitive) anywhere in the
tomcat-native code, so it must not be exposed.

> Question is, has anyone run OpenSSL under Tomcat in FIPS
> mode? Any help would be appreciated.

If you know the ciphers allowed by FIPS, you can just specify them in
your <Connector> configuration. Is that acceptable, or do you absolutely
need to have FIPS mode set? (I understand these things are sometimes

It doesn't look like it would be a big deal to add some code to allow
FIPS mode via the APR connector with OpenSSL. Would you be willing to
test some of that code?

- -chris
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla -


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message