Chapter 9. Configuring FIPS for Red Hat JBoss Web Server

When JBoss Web Server is installed on a Red Hat Enterprise Linux 8 host, you can configure JBoss Web Server to be compliant with Federal Information Processing Standards (FIPS). When you enable FIPS on the Red Hat Enterprise Linux host, this allows JBoss Web Server to operate in FIPS mode automatically.

Note

FIPS does not support the password-based encryption functionality that is provided by the tomcat-vault component of JBoss Web Server. If you want to use password-based encryption on the JBoss Web Server host, you must ensure that FIPS is disabled. For more information about password-based encryption and tomcat-vault, see Vault for Red Hat JBoss Web Server.

9.1. Introduction to FIPS

The Federal Information Processing Standards (FIPS) provide guidelines and requirements for improving security and interoperability across computer systems and networks. The FIPS 140-2 and 140-3 series apply to cryptographic modules at both the hardware and software levels. The National Institute of Standards and Technology in the United States implements a cryptographic module validation program with searchable lists of both in-process and approved cryptographic modules.

Red Hat Enterprise Linux provides an integrated framework to enable FIPS 140-2 compliance on a system-wide basis. When operating under FIPS mode, software packages using cryptographic libraries are self-configured according to the global policy.

Additional resources

9.2. Configuring FIPS for JBoss Web Server on RHEL 8

You can enable FIPS compliance on the Red Hat Enterprise Linux 8 host during system installation. Alternatively, you can switch your system to FIPS mode after you have completed the system installation.

Procedure

Verification

  • Enter the following command: 

    fips-mode-setup --check

    If FIPS is enabled, this prints the following output: 

    FIPS mode is enabled.