tomcat-users mailing list archives

From Nithesh Kb <nitheshk...@gmail.com>
Subject Re: Tomcat FIPS with FIPS capable OpenSSL
Date Thu, 03 Dec 2015 19:17:46 GMT
Hi Tomcat Experts,
I'm trying to enable FIPS mode in Tomcat but I get this exception:

04-Dec-2015 00:00:34.787 INFO [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL Initializing FIPS mode...
04-Dec-2015 00:00:34.791 SEVERE [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Failed to initialize the SSLEngine.
 java.lang.Exception: error:2D06C06E:FIPS routines:FIPS_mode_set:fingerprint does not match
 at org.apache.tomcat.jni.SSL.fipsModeSet(Native Method)

Steps that I have followed:
1. Built FIPS-capable OpenSSL [https://www.openssl.org/docs/UserGuide-2.0.pdf]
2. Installed Tomcat APR and APR util [http://stackoverflow.com/questions/34022646/how-to-make-tomcat-fips-mode-enabling]
3. Installed TC-native

Changes made in server.xml:

<Listener className="org.apache.catalina.core.AprLifecycleListener"
          SSLEngine="on" FIPSMode="on" />

<Connector
        port="8080"
        protocol="org.apache.coyote.http11.Http11AprProtocol"
        secure="false"
        SSLEnabled="false"
        scheme="http"
        URIEncoding="UTF-8"
        enableLookups="true"
        acceptCount="10"
        server="NA"/>

And the exception for this:
04-Dec-2015 00:00:34.725 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded APR based Apache Tomcat Native library 1.1.33 using APR version 1.5.2.
04-Dec-2015 00:00:34.725 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
04-Dec-2015 00:00:34.787 INFO [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL Initializing FIPS mode...
04-Dec-2015 00:00:34.791 SEVERE [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Failed to initialize the SSLEngine.
 java.lang.Exception: error:2D06C06E:FIPS routines:FIPS_mode_set:fingerprint does not match
 at org.apache.tomcat.jni.SSL.fipsModeSet(Native Method)
 at org.apache.catalina.core.AprLifecycleListener.initializeSSL(AprLifecycleListener.java:329)
 at org.apache.catalina.core.AprLifecycleListener.lifecycleEvent(AprLifecycleListener.java:135)

It works fine if I make FIPSMode="false".

Logs are attached.

Please help me with how to proceed on this.
Thanks in advance.
Thanks,
Nithesh

On Fri, Dec 4, 2015 at 12:39 AM, Nithesh Kb <nitheshkb12@gmail.com> wrote:

> Hi Tomcat Experts,
> I'm trying to enable FIPS mode in Tomcat but I get this exception:
>
> 04-Dec-2015 00:00:34.787 INFO [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL Initializing FIPS mode...
> 04-Dec-2015 00:00:34.791 SEVERE [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Failed to initialize the SSLEngine.
>  java.lang.Exception: error:2D06C06E:FIPS routines:FIPS_mode_set:fingerprint does not match
>  at org.apache.tomcat.jni.SSL.fipsModeSet(Native Method)
>
> Steps that I have followed:
> 1. Built FIPS-capable OpenSSL
>
>
> Thanks,
> Nithesh
>
