Federal Information Processing Standards (FIPS) are standards and
guidelines issued by the United States National Institute of Standards and
Technology (NIST) for federal government computer systems. FIPS are developed
when there are compelling federal government requirements for standards, such
as for security and interoperability, but acceptable industry standards or
solutions do not exist.
WebSphere Portal Express tolerates WebSphere
Application Server's
support of FIPS 140-2. WebSphere
Application Server integrates
cryptographic modules such as Java Secure Socket Extension (JSSE) and Java
Cryptography Extension (JCE), which are FIPS 140-2 certified. Throughout
the documentation and the product, the FIPS 140-2 certified IBM JSSE and JCE
modules are referred to as IBMJSSEFIPS and IBMJCEFIPS, which distinguishes
the FIPS-certified modules from the prior, non-certified IBM JSSE and IBM
JCE modules.
The FIPS 140-2 compliant toleration means that
WebSphere Portal Express will
continue to work after
WebSphere
Application Server is
configured to activate FIPS 140-2 compliant security modules. The
WebSphere Portal Express product
has no self-contained cryptographic support and as a result is unaware of
the module differences. Functions in
WebSphere Portal Express that
use encryption include:
- Secure Sockets Layer (SSL) connections inbound from clients (but this
is basically the WebSphere
Application Server and
HTTP Server support for SSL connections, and is transparent to WebSphere Portal Express)
- Internal connections between WebSphere Portal Express administrative
functions and WebSphere
Application Server administrative
services (invoked, for example, when deploying a portlet which must create
a Web application in WebSphere
Application Server)
It is assumed, though not required, that all the connections listed above
will be carried over SSL using FIPS-compliant encryption. Without FIPS 140-2
support connections may not be encrypted. And there is no requirement that
every connection be SSL, even with FIPS-enabled cryptography over TLS, but
again your connection may not be encrypted.
Important: FIPS 140-2
enablement requires HTTP Server and LDAP server versions that provide support
for FIPS 140-2. Consult the documentation for your HTTP server and LDAP server
to determine your level of support.
Limitations
There are some restrictions in the level
of support that
WebSphere Portal Express provides
in using FIPS-certified modules:
- Lotus
Sametime and Lotus
QuickPlace currently
do not support FIPS 140-2.
- By default, Microsoft Internet Explorer might not have TLS enabled. To
enable TLS, open the Internet Explorer browser and
click . On the Advanced tab, select the Use
TLS 1.0 check box.
- Netscape Version 4.7.x and earlier might not support
TLS.
- The IBM Tivoli Directory Server provides the Use FIPS certified implementation
option, which enables the directory server the FIPS-certified encryption algorithms
uses. For more information, see "Setting the level of encryption" within the IBM Tivoli Directory Server Administration Guide
- You can only use FIPS-certified JSSE providers if your servers and clients
are using WebSphere
Application Server Version
6.0 or later.
Portal, Express Beta Version 6.1
