Hello,
I’m looking into FIPS compliance of the Java clients using BouncyCastle FIPS Provider and BouncyCastleJSSE Provider.
In my Java application,




Dependencies:
Set the following properties:
Excerpts of the code:
The SSLContext, truststore, and trustmanagers variables all indicate that BouncyCastle FIPS provider classes are being used:

Given the Wireshark trace below from the ClientHello, can I presume then that my Java client is in strict FIPS mode?
ClientHello_wiresharktrace_java.txt
Googling the Wireshark trace suggested legacy non-approved signature
Does FIPS compliance mean clients can be in hybrid mode, basically sending both FIPS and non-FIPS algorithms for legacy purposes?
The Wireshark trace from my C++ client application using the OpenSSL FIPS provider seems to have TLS_RSA_WITH-XXX cipher suites, which, if I'm not mistaken, are non-FIPS-compliant suites.
ClientHello_wireshark_C++.txt
I would appreciate any guidance or suggestions to help me understand this.
Thank you.