On 18/05/2022 06:14, Rupesh P wrote:
Hi Christopher Schultz,
I am sorry for the inconvenience caused.

Actually, I am not able to enable FIPS mode in Tomcat 9 for Windows. It
gives an error "Failed to enter fips mode".

Software Specifications:
Tomcat version - 9.0.34
Openssl version - 3.0.2
OS - Windows Server 2019 64-bit

I tried building the Tomcat Native library with APR (1.7.0),
OpenSSL (3.0.2) and Tomcat Native library (1.2.32).

OpenSSL 3.0.2 along with FIPS got built successfully.

Since the FIPS Object Module Package is already integrated with OpenSSL
3.0, there is no separate package for it. So I have built the Tomcat Native
library and it got built successfully. But when I tried the following:

1. Put tcnative-1.dll in the Bin folder of Tomcat 9\
2. Adding the FIPSMODE="on" for the APR listener
3. Added the HTTPS connector to use Native (OpenSSL) implementation of
   SSL/TLS protocol.
4. Restarted the Tomcat and checked the catalina.log

The FIPS mode is not getting enabled, shows the log error "Failed to
enter fips mode" and along with that it also states "FIPS was not
available to tcnative at build time".

The same steps I have performed for OpenSSL version 1.0.2 along with
the FIPS Object Module Package. There, Tomcat was able to initialize FIPS
mode and Tomcat started with FIPS mode.

Is there any way to overcome this issue?
Please do let me know any solution for this issue.

Tomcat Native has not been updated for OpenSSL 3.0.x and FIPS. Code changes in Tomcat Native are going to be required to get this to work.

Mark
