Table of Contents
Advertisement
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Set the Java security providers
security.provider.1=com.ibm.jsse2.IBMJSSEProvider2
security.provider.2=com.ibm.crypto.fips.provider.IBMJCEFIPS
security.provider.3=com.ibm.crypto.provider.IBMJCE
security.provider.4=com.ibm.security.jgss.IBMJGSSProvider
security.provider.5=com.ibm.security.cert.IBMCertPath
security.provider.6=com.ibm.security.sasl.IBMSASL
Example: Use a java.security file similar to this one if you need to run in
FIPS-compliant mode, and you use the IBMJSSE provider:
# Set the Java security providers
security.provider.1=com.ibm.fips.jsse.IBMJSSEFIPSProvider
security.provider.2=com.ibm.crypto.fips.provider.IBMJCEFIPS
security.provider.3=com.ibm.crypto.provider.IBMJCE
security.provider.4=com.ibm.security.jgss.IBMJGSSProvider
security.provider.5=com.ibm.security.cert.IBMCertPath
security.provider.6=com.ibm.security.sasl.IBMSASL
Example: Use a java.security file similar to this one if you use the Sun JSSE
provider:
# Set the Java security providers
security.provider.1=sun.security.provider.Sun
security.provider.2=com.sun.rsajca.Provider
security.provider.3=com.sun.crypto.provider.SunJCE
security.provider.4=com.sun.net.ssl.internal.ssl.Provider
3. If you plan to use the IBM Data Server Driver for JDBC and SQLJ in
FIPS-compliant mode, you need to set the com.ibm.jsse2.JSSEFIPS Java system
property:
com.ibm.jsse2.JSSEFIPS=true
Restriction: Non-FIPS-mode JSSE applications cannot run in a JVM that is in
FIPS mode.
Restriction: When the IBMJSSE2 provider runs in FIPS mode, it cannot use
hardware cryptography.
4. Configure the Java Runtime Environment for the SSL socket factory providers
by adding entries to the java.security file.
The format of SSL socket factory provider entries are:
ssl.SocketFactory.provider=provider-package-name
ssl.ServerSocketFactory.provider=provider-package-name
Specify the SSL socket factory provider for the Java security provider that you
are using.
Example: Include SSL socket factory provider entries like these in the
java.security file when you enable FIPS mode in the IBMJSSE2 provider:
# Set the SSL socket factory provider
ssl.SocketFactory.provider=com.ibm.jsse2.SSLSocketFactoryImpl
ssl.ServerSocketFactory.provider=com.ibm.jsse2.SSLServerSocketFactoryImpl
Example: Include SSL socket factory provider entries like these in the
java.security file when you enable FIPS mode in the IBMJSSE provider:
# Set the SSL socket factory provider
ssl.SocketFactory.provider=com.ibm.fips.jsse.JSSESocketFactory
ssl.ServerSocketFactory.provider=com.ibm.fips.jsse.JSSEServerSocketFactory
Example: Include SSL socket factory provider entries like these when you use
the Sun JSSE provider:
# Set the SSL socket factory provider
ssl.SocketFactory.provider=com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
ssl.ServerSocketFactory.provider=com.sun.net.ssl.internal.ssl.SSLServerSocketFactoryImpl
5. Configure Java system properties to use the truststore.
Chapter 10. Security under the IBM Data Server Driver for JDBC and SQLJ
461
- Quick Links:
- Table of Contents
Hide quick links:
Advertisement
Table of Contents
