JDK-6313675 : Support a FIPS compliant mode
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: 6
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2005-08-19
  • Updated: 2010-04-02
  • Resolved: 2005-09-16
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 6
6 betaFixed
Related Reports
Relates :  
JDK-6323647 - FIPS mode tweaks
Relates :  
JDK-6469580 - 1.5.0_08 JVM crashes in SignatureHandlerLibrary::add on Fujitsu Primepower platform
Relates :  
JDK-6313661 - SSL/TLS key generation and key derivation using Sun-internal JCE APIs
Description
See comments.
Comments
EVALUATION An experimental FIPS mode is now available. It is activated by constructing a SunJSSE provider using either of the following constructors com.sun.net.ssl.internal.ssl.Provider(java.security.Provider cryptoProvider) com.sun.net.ssl.internal.ssl.Provider(String cryptoProviderName) The argument specifies the FIPS certified crypto provider that is to be used for all crypto operations. As currently implemented, only the SunPKCS11 in combination with NSS supports all the necessary algorithms. SunJSSE can either be used in standard mode or in FIPS mode, but not in both at the same time (i.e. in a single VM process).
13-09-2005
EVALUATION We will try to address this in some form in Mustang or a Mustang update. Additional work could follow in Dolphin, if needed.
19-08-2005