Configuring the Web Server 7.0 Transport Layer Security (TLS) to be FIPS 140 Compliant (Sun OpenSSO Enterprise 8.0 Installation and Configuration Guide)

Sun OpenSSO Enterprise 8.0 Installation and Configuration Guide

Configuring the Web Server 7.0 Transport Layer Security (TLS) to be FIPS 140 Compliant

To Configure the Web Server 7.0 TLS to be FIPS 140 Compliant

Log in to the Web Server 7.0 Administration Console.

Click Configuration.

Click the server instance you want to configure.

Click the HTTP Listeners tab and then click the listener instance you want to configure.

Select the SSL tab in new popup window.

Disable SSL2 and SSL3, leaving only TLS.

Disable all non-FIPS Compliant TLS Cipher suite by removing them from the Selected list.

See the following list for the FIPS compliant TLS cipher suites.

Save your changes.

FIPS Compliant TLS Cipher Suites

TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA

© 2010, Oracle Corporation and/or its affiliates