FIPS 140-3 Compliance Questions using BouncyCastle FIPS/JSEE Provider #2264
Unanswered
pkcs11newbie
asked this question in
Q&A
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Hello,
I’m looking into FIPS compliance of the Java clients using BouncyCastle FIPS Provider and BouncyCastleJSSE Provider.
In my Java application,
Depdencies:
Set following properties:
Excerpts of the Code:
SSLContext, truststore,trustmanagers variables all indicate that BouncyCastle fips provider classes are being used:
Given below Wireshark trace from ClientHello, Can I presume then that my Java client is in strict FIPS mode ?
ClientHello_wiresharktrace_java.txt
Googling the wireshark trace suggested legacy non-approved signature
Does FIPS compliance clients mean they can be in hybird mode ? basically sending both FIPS algorithms and non-FIPS as well for legacy purpose ?
Wireshark trace from my C++ client application using OpenSSL fips provider seems to have TLS_RSA_WITH-XXX cipher suites, which if I'm not mistaken are non-FIPS compliant suites.
ClientHello_wireshark_C++.txt
I would appreciate any guidance or suggestions to help me understand this.
Thank you.
Beta Was this translation helpful? Give feedback.
All reactions