Describes how to configure the IBM JRE to use IBM Java FIPS 140-2
approved providers
Before you begin
To be FIPS 140-2 approved, all Rational ClearQuest Client and ClearQuest
Client for Eclipse computers must be configured to use the IBM JRE with the
IBM Java JCE (Java Cryptographic Extension) FIPS providers enabled. This ensures
that the clients use the FIPS 140-2 certified algorithms AES 128-bit and SHA-256.
About this task
Perform the following steps to configure Rational ClearQuest Client
and ClearQuest Client for Eclipse computers to use the IBM JRE with the IBM
Java JCE FIPS providers enabled:
- Edit the master security properties file, java.security,
to register additional cryptographic package providers:
- On Windows:
- drive:\install-dir\Program
Files\Rational\Common\java\jre\lib\security\java.security
- On the UNIX system and Linux:
- install-dir/Rational/ClearQuest/common/java/jre/lib/security/java.security
- Locate the list-of-providers section near the top of the file.
This section will look similar to the following example:
#
# List of providers and their preference orders:
#
security.provider.1=com.ibm.jsse2.IBMJSSEProvider2
security.provider.2=com.ibm.crypto.provider.IBMJCE
security.provider.3=com.ibm.security.jgss.IBMJGSSProvider
security.provider.4=com.ibm.security.cert.IBMCertPath
security.provider.5=com.ibm.security.sasl.IBMSASL
- Add the following providers to the top of the list and sequentially
renumber the other providers:
security.provider.1=com.ibm.fips.jsse.IBMJSSEFIPSProvider
security.provider.2=com.ibm.fips.crypto.fips.provider.IBMJCEFIPS
The
updated list of security providers will look similar to the following example:
#
# List of providers and their preference orders:
#
security.provider.1=com.ibm.fips.jsse.IBMJSSEFIPSProvider
security.provider.2=com.ibm.fips.crypto.fips.provider.IBMJCEFIPS
security.provider.3=com.ibm.jsse2.IBMJSSEProvider2
security.provider.4=com.ibm.crypto.provider.IBMJCE
security.provider.5=com.ibm.security.jgss.IBMJGSSProvider
security.provider.6=com.ibm.security.cert.IBMCertPath
security.provider.7=com.ibm.security.sasl.IBMSASL