Configuring compliance for FIPS 140-2 in Rational DOORS Web Access
About this task
Rational DOORS Web Access uses the IBMJSSE2 provider as the Java™ Secure Socket Extension (JSSE) provider. IBMJSSE2 does not need FIPS 140-2 approval because it delegates encryption and signature functions to a Java Cryptography Extension (JCE) provider. Rational DOORS Web Access uses the IBMJCEFIPS provider to encrypt data. IBMJCEFIPS is approved for FIPS 140-2.
- Edit the IBM SDK java.security file to include the IBMJCEFIPS and IBMJCE providers and to specify the IBM secure sockets library.
- Edit the Apache Tomcat startup script file to set the system property that specifies the FIPS 140-2 compliant setting.
- Edit the Apache Tomcat server configuration file to restrict HTTPS communication to protocols and cipher suites that are supported by FIPS 140-2.
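The following added example (not IBM's code or part of the original page) checks the three edits listed above against file contents and reports what is missing. The property names `security.provider.N` and `com.ibm.jsse2.usefipsprovider`, the Tomcat `Connector` attributes `SSLEnabled`, `sslEnabledProtocols` and `ciphers`, the rule that IBMJCEFIPS precedes IBMJCE, and the weak-algorithm token list are assumptions not stated on this page; the sample inputs are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Assumed deny lists: protocol names, and substrings of cipher-suite names
# whose algorithms are not FIPS 140-2 approved.
WEAK_PROTOCOLS = {"SSL", "SSLv2", "SSLv2Hello", "SSLv3"}
WEAK_CIPHER_TOKENS = ("RC4", "MD5", "NULL", "EXPORT", "anon", "_DES_")
FIPS_PROPERTY = "com.ibm.jsse2.usefipsprovider"  # assumed property name

def audit_java_security(text):
    """Both providers must be registered; assumed: IBMJCEFIPS comes first."""
    provs = {int(n): cls.rsplit(".", 1)[-1] for n, cls in
             re.findall(r"^\s*security\.provider\.(\d+)\s*=\s*(\S+)", text, re.M)}
    order = [provs[k] for k in sorted(provs)]
    out = [f"{p} provider is not registered"
           for p in ("IBMJCEFIPS", "IBMJCE") if p not in order]
    if not out and order.index("IBMJCE") < order.index("IBMJCEFIPS"):
        out.append("IBMJCE is listed ahead of IBMJCEFIPS")
    return out

def audit_startup_script(text):
    """The JVM options must switch IBMJSSE2 to the FIPS provider."""
    found = re.search(r"-D" + re.escape(FIPS_PROPERTY) + r"=true\b", text)
    return [] if found else [f"-D{FIPS_PROPERTY}=true is not set"]

def audit_server_xml(text):
    """Every TLS connector needs explicit, approved protocols and ciphers."""
    out = []
    for conn in ET.fromstring(text).iter("Connector"):
        if conn.get("SSLEnabled", "").lower() != "true":
            continue
        port = conn.get("port", "?")
        for attr, bad in (("sslEnabledProtocols", lambda v: v in WEAK_PROTOCOLS),
                          ("ciphers", lambda v: any(t in v for t in WEAK_CIPHER_TOKENS))):
            values = [v.strip() for v in conn.get(attr, "").split(",") if v.strip()]
            if not values:
                out.append(f"port {port}: {attr} is not set")
            out += [f"port {port}: {attr} value {v} is not allowed" for v in values if bad(v)]
    return out

# Constructed sample inputs, each containing deliberate mistakes.
SAMPLE_JAVA_SECURITY = ("security.provider.1=com.ibm.crypto.provider.IBMJCE\n"
                        "security.provider.2=com.ibm.crypto.fips.provider.IBMJCEFIPS\n")
SAMPLE_STARTUP = "set JAVA_OPTS=%JAVA_OPTS% -Xmx1024m\n"
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
<Connector port="8443" SSLEnabled="true" sslEnabledProtocols="SSLv3,TLSv1.2"
 ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_AES_128_CBC_SHA"/>
</Service></Server>"""
if __name__ == "__main__":
    for line in (audit_java_security(SAMPLE_JAVA_SECURITY)
                 + audit_startup_script(SAMPLE_STARTUP) + audit_server_xml(SAMPLE_SERVER_XML)):
        print("FAIL:", line)
```

The deny lists catch only obviously unapproved entries; treat a clean result as a prompt to compare the remaining values with the provider's documented list of supported algorithms.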
Procedure
What to do next
Configure the browser to send at least the minimum TLS version that the Apache Tomcat server accepts. Microsoft Internet Explorer might not have TLS enabled. To enable TLS, open Internet Explorer and, on the Advanced tab, select Use TLS version, where version is the minimum client version that the server accepts.
If you use providers that are approved by FIPS 140-2, ensure that the certificates and keystores include supported algorithms. For a list of supported key and signature algorithms, see "The Java FIPS-approved providers, IBMJSSEFIPS and IBMJCEFIPS."