Describes how to configure the IBM JRE to use IBM Java
FIPS 140-2 approved providers
Before you begin
To be FIPS 140-2 approved, all Rational ClearQuest Client
and ClearQuest Client for Eclipse computers must be configured to
use the IBM JRE with the IBM Java JCE (Java Cryptographic Extension)
FIPS providers enabled. This ensures that the clients use the FIPS
140-2 certified algorithms AES 128-bit and SHA-256.
About this task
Perform the following steps to configure Rational ClearQuest
Client and ClearQuest Client for Eclipse computers to use the IBM
JRE with the IBM Java JCE FIPS providers enabled.
Procedure
- Edit the master security properties file, java.security,
to register additional cryptographic package providers:
- On Windows:
- drive:\install-dir\Program
Files\Rational\Common\java\jre\lib\security\java.security
- On the UNIX system and Linux:
- install-dir/Rational/ClearQuest/common/java/jre/lib/security/java.security
- Locate the list-of-providers section near the top of the
file. This section will look similar to the following example:
#
# List of providers and their preference orders:
#
security.provider.1=com.ibm.jsse2.IBMJSSEProvider2
security.provider.2=com.ibm.crypto.provider.IBMJCE
security.provider.3=com.ibm.security.jgss.IBMJGSSProvider
security.provider.4=com.ibm.security.cert.IBMCertPath
security.provider.5=com.ibm.security.sasl.IBMSASL
- Add the following providers to the top of the list and
sequentially renumber the other providers:
security.provider.1=com.ibm.fips.jsse.IBMJSSEFIPSProvider
security.provider.2=com.ibm.fips.crypto.fips.provider.IBMJCEFIPS
The
updated list of security providers will look similar to the following
example:
#
# List of providers and their preference orders:
#
security.provider.1=com.ibm.fips.jsse.IBMJSSEFIPSProvider
security.provider.2=com.ibm.fips.crypto.fips.provider.IBMJCEFIPS
security.provider.3=com.ibm.jsse2.IBMJSSEProvider2
security.provider.4=com.ibm.crypto.provider.IBMJCE
security.provider.5=com.ibm.security.jgss.IBMJGSSProvider
security.provider.6=com.ibm.security.cert.IBMCertPath
security.provider.7=com.ibm.security.sasl.IBMSASL