Issues we are facing in FIPS mode

Isha K raveenakushwah83 at gmail.com
Wed Oct 8 07:26:12 UTC 2025


Hi

This mail is to check with you on two issues we are facing.

1. In our application, for the TLS handshake, we are using Tomcat 10.1.44 server
along with JDK 17.0.3+7.

In our application, we observed that in non-FIPS mode using the TLS 1.2/TLS 1.3
protocol, session tickets are sent, but not in FIPS mode, where we are using
bcfips-2.0.1, bctls-fips-2.0.20, bcutil-fips-2.0.3 and bcpkix-fips-2.0.8
jars.

Is it expected behaviour? I checked online but didn't find any supporting
statements.

2. In non-FIPS we had this property javax.net.debug in jvm.properties, which
would give us details on the handshake in the catalina.out file, but in FIPS
this property is not working.

To enable FIPS we are setting the bcfips, bcjsse providers as 1st and 2nd
priority in the java.security file.

Please let me know if any other details are required.

Your response will help us in narrowing down the issue and working on the
actual ones.

Waiting keenly for your response.

Regards
Raveena


More information about the security-dev mailing list