Hi, On Fri, Nov 6, 2020 at 8:57 AM Avik Ray <avikra...@gmail.com> wrote:
> Dear team, > Sending this query again after subscribing to the mailing list. Sent > it originally 3 days back, but just saw an error response in the spam > folder asking to subscribe first. > > We are using Tomcat 9.0.37 x64 on Windows Server 2016 OS and the NIO > connector with JSSE, without an underlying OpenSSL. > > As per Tomcat 9 docs, the only mention of FIPS compliant operation I > see is in the config of APR lifecycle listener, with the expectation > of an underlying OpenSSL implementation that can be set to FIPS > enabled mode. Ref: > https://tomcat.apache.org/tomcat-9.0-doc/config/listeners.html > > Is it possible to be FIPS compliant with the usage of Tomcat, without > the above setting? We were thinking of using BouncyCastle FIPS as the > underlying Java crypto provider instead of OpenSSL for multiple > reasons. > > Are there any other dependencies Tomcat has on the underlying stack, > besides that provided by a Java crypto provider like BC-FIPS, having a > bearing on FIPS compliance? > > Please advise, as this is urgent for a FIPS compliance decision. > Please check the README of this project - https://github.com/amitlpande/tomcat-9-fips Amit Pande recently shared it here at users@. Regards, Martin > > Thanks, > Avik Ray > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >