000025103 - FIM - FIPS 140-2 compliance. TLS1 ciphers

Document created by RSA Customer Support Employee on Jun 16, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000025103

Applies To:
Federated Identity Management Module 2.5
Win 2000 Server SP4
BEA Weblogic 8.1 SP5

Issue: FIM - Questions regarding security - FIPS 140-2 compliance. TLS1 ciphers
Undergoing a credential assessment profile verifying use of SSL 3.1 and TLS 1.0 ciphers.

Cause: FIM 2.5 uses WLS SP5, which has the SSL 3.0 implementation, not 3.1. It does support TLS 1.0 ciphers.

Resolution: Disable use of SSL 3.0 and use TLS 1.0 ciphers only. Add the following to the setserverenv.cmd (or sh) file:

    set WL_OPTIONS=%WL_OPTIONS% -Dweblogic.security.SSL.protocolVersion=TLS1

Notes: FIPS 140-2 is supported in later versions of Weblogic 9.x with the command-line switch "-Dweblogic.security.SSL.nojce=true", which makes the server's SSL implementation use a FIPS-compliant (FIPS 140-2) crypto module.

Legacy Article ID: a37566
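One way to confirm that the Resolution's setting is really active in a setserverenv.cmd or .sh file, shown as an added example that is not RSA's or BEA's code. The function name check_ssl_protocol, its result strings and the sample file are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a setserverenv file for the SSL protocol flag.
# check_ssl_protocol FILE prints one result and returns a matching status:
#   OK              (0)  every active occurrence of the flag is TLS1
#   MISSING         (1)  the flag is absent or only in commented-out lines
#   NOT_TLS1:<val>  (2)  an active occurrence has another value (e.g. SSL3, ALL)

check_ssl_protocol() {
    file=$1
    # Drop comment lines (REM and :: in .cmd files, # in .sh files), then pull
    # the value of every remaining occurrence of the flag. A file with no
    # match is a valid result here, hence the "|| true".
    values=$(grep -v -i -E '^[[:space:]]*(rem([[:space:]]|$)|::|#)' "$file" |
             grep -o -E -e '-Dweblogic\.security\.SSL\.protocolVersion=[A-Za-z0-9.]+' |
             cut -d= -f2 || true)

    if [ -z "$values" ]; then
        echo "MISSING"
        return 1
    fi

    # Be conservative: any active occurrence that is not TLS1 fails the check,
    # regardless of the order in which the lines appear.
    for v in $values; do
        if [ "$v" != "TLS1" ]; then
            echo "NOT_TLS1:$v"
            return 2
        fi
    done

    echo "OK"
    return 0
}

# Constructed sample: the old SSL3 line commented out, the article's line active.
sample=$(mktemp)
cat > "$sample" <<'EOF'
@echo off
REM set WL_OPTIONS=%WL_OPTIONS% -Dweblogic.security.SSL.protocolVersion=SSL3
set WL_OPTIONS=%WL_OPTIONS% -Dweblogic.security.SSL.protocolVersion=TLS1
EOF
check_ssl_protocol "$sample"
rm -f "$sample"
```

The check only reads the script; the server must still be restarted for the setting to take effect.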
