Users Guide

Use SSL-J in FIPS-140 Mode in Compliance with FIPS 140-2 Requirements 3

RSA BSAFE SSL-J 6.2.6 Troubleshooting Guide

Use SSL-J in FIPS-140 Mode in Compliance with FIPS

140-2 Requirements

To ensure that SSL-J is used in the FIPS 140 mode in compliance with FIPS 140-2

requirements, complete the following:

• Use the correct jar file:

– For non-Android environments, use the

jcmFIPS-6.2.5.jar file

– For Android environments, use the

jcmandroidfips-6.2.5.jar file.

• Set the initial FIPS-140 mode of operation security property

com.rsa.cryptoj.fips140initialmode to FIPS140_SSL_MODE.

For more information about using SSL-J on Android in FIPS-140 mode, see

Introduction to SSL-J > Android in the RSA BSAFE SSL-J Developer Guide.

Decrease the Time Taken for Cryptographic Operations

SSL-J relies on the operating system to provide the entropy needed for seeding the

SecureRandom object used for cryptographic operations. These operations can take

an unusually long time if the operating system is unable to provide sufficient entropy.

RSA recommends using a Hardware Security Module with SSL-J for generating the

entropy.

Refer to the Welcome to the Crypto-J Toolkit > Introduction to Crypto-J >

Hardware Operations section of the RSA BSAFE SSL-J Developers Guide.