...
Copy bc-fips-<VERSION>.jar and bctls-fips-<VERSION>.jar into the
<DOTTEST_INSTALL_DIR>/bin/dottest/java/jarsdirectory.Open the java.security file in the
<DOTTEST_INSTALL_DIR>/bin/dottest/Jre_x64/conf/security/directory and make the following changes:Set the list of security providers by commenting out all existing properties named
security.provider.<number>. and inserting the following lines:Code Block security.provider.1=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider fips:BCFIPS security.provider.3=SUN
Change key and trust manager factory algorithms for the javax.net.ssl package to PKIX.
Code Block ssl.KeyManagerFactory.algorithm=PKIX ssl.TrustManagerFactory.algorithm=PKIX
Change the default keystore type to fips and disable the compatibility mode for JKS and PKCS12 keystore types.
Code Block keystore.type=fips keystore.type.compat=false
(Linux only) Add the NativePRNGNonBlocking algorithm to the list of known strong SecureRandom implementations:
Code Block securerandom.strongAlgorithms=NativePRNGNonBlocking:SUN,NativePRNGBlocking:SUN,DRBG:SUN
Allow only FIPS-approved algorithms:
Code Block org.bouncycastle.fips.approved_only=true
- Save your changes.
Open the java.policy file in the
<DOTdirectory and insert the following permissions into the default domain:TEST_INSTALL_DIR>/bin/dottest/Jre_x64/conf/security/Code Block permission java.lang.RuntimePermission "accessClassInPackage.sun.security.internal.spec"; permission org.bouncycastle.crypto.CryptoServicesPermission "tlsAglorithmsEnabledtlsAlgorithmsEnabled";
- Save your changes.
Open the logging.properties file in the
<DOTTEST_INSTALL_DIR>/bin/dottest/Jre_x64/conf/directory and insert the following Bouncy Castle logger configuration:Code Block org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints.level=SEVERE org.bouncycastle.jsse.provider.PropertyUtils.level=SEVERE
Save your changes.