Enabling Tomcat to be FIPS compliant.

[Nikitha Benny <ni...@gmail.com>]

Hello Everyone,


I am using JRE 1.8.060 and tomcat 7.00.068 ,after enabling the FIPS mode
and performing the steps to create a certificate(PKCS12 format). I was able
to access the tomcat home page using HTTPS


But when I was using the same JRE 1.8.060 with tomcat 7.00.069 and then
enabling the FIPS and performing the steps to create a certificate I am
unable to access the tomcat home page using HTTPS.I got an error saying : “This
site can’t provide a secure connection,uses an unsupported protocol,
ERR_SSL_VERSION_OR_CIPHER_MISMATCH”.

Later I added Ciphers in server.xml.ovtemplate and try loading the page
using Https and the page loaded successfully.



May I know why I should add ciphers to server.xml.ovtemplate for tomcat
7.00.069 but not for 7.00.068 to open in HTTPS ?

Re: Enabling Tomcat to be FIPS compliant.

[Violeta Georgieva <mi...@gmail.com>]

Hi,

2016-05-16 7:42 GMT+03:00 Nikitha Benny <ni...@gmail.com>:
>
> Hello Everyone,
>
>
> I am using JRE 1.8.060 and tomcat 7.00.068 ,after enabling the FIPS mode
> and performing the steps to create a certificate(PKCS12 format). I was
able
> to access the tomcat home page using HTTPS
>
>
> But when I was using the same JRE 1.8.060 with tomcat 7.00.069 and then
> enabling the FIPS and performing the steps to create a certificate I am
> unable to access the tomcat home page using HTTPS.I got an error saying :
“This
> site can’t provide a secure connection,uses an unsupported protocol,
> ERR_SSL_VERSION_OR_CIPHER_MISMATCH”.
>
> Later I added Ciphers in server.xml.ovtemplate and try loading the page
> using Https and the page loaded successfully.
>
>
>
> May I know why I should add ciphers to server.xml.ovtemplate for tomcat
> 7.00.069 but not for 7.00.068 to open in HTTPS ?

Check Tomcat 7.0.69 changelog
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

Regards,
Violeta