FIPS-140 Standard

PKCS#11 APIs enable communication with software or hardware modules that perform cryptographic operations. Once PKCS#11 is installed on your server, you can configure the Sun Java System Web Server to be Federal Information Processing Standards (FIPS)-140 compliant. These libraries are included only in SSL version 3.0.

To enable FIPs-140

1. Install the plug-in following the FIPS-140 instructions.

2. Access either the Administration Server or the Server Manager and choose the Preferences tab.

   From the Server Manager you must first select the server instance from the drop-down list.

3. Click the Edit Listen Sockets link.

   The Edit Listen Sockets page appears. For a secure listen socket, the Edit Listen Socket page displays the available security settings.

   ---

   Note –

   To work with FIPS-140, ensure that security is enabled on the selected listen socket. For more information, see Enabling Security for Listen Sockets.

   ---

4. Select Enabled from the SSL Version 3 drop-down list.

5. Check the appropriate FIPS-140 cipher suite:

   • (FIPS) DES with 56 bit encryption and SHA message authentication

   • (FIPS) Triple DES with 168 bit encryption and SHA message authentication

6. Click OK.

7. From the Server Manager, click Apply, and then Restart for changes to take effect.