Issues we are facing in fips mode
Sean Mullan
sean.mullan at oracle.com
Wed Oct 8 12:07:33 UTC 2025
This does not appear to be a JDK issue. You are using JAR files from
Bouncy Castle, so I think you should contact them for assistance.
Thanks,
Sean
On 10/8/25 3:26 AM, Isha K wrote:
> Hi
>
> This mail is to check with you on two issues we are facing.
>
> 1. In our application for TLS handshake, we are using Tomcat 10.1.44
> server along with JDK 17.0.3+7.
>
> In our application, we observed that in non-FIPS mode using TLS 1.2/
> TLS 1.3 protocol, session tickets are sent, but not in FIPS mode where we
> are using bcfips-2.0.1, bctls-fips-2.0.20, bcutil-fips-2.0.3 and
> bcpkix-fips-2.0.8 jars.
>
> Is it expected behaviour? I checked online but didn't find any
> supporting statements.
>
> 2. In non-FIPS we had this property javax.net.debug in jvm.properties
> which would give us details on the handshake in catalina.out file, but
> in FIPS this property is not working.
>
> To enable FIPS we are setting bcfips, bcjsse provider as 1st and 2nd
> priority in java.security file.
>
> Please let me know if any other details are required.
>
> Your response will help us in narrowing down the issue and work on the
> actual ones.
>
> Waiting keenly for your response.
>
> Regards
> Raveena