My Oracle Support Banner

SSL FIPS 140-2 Standard for Oracle Fusion Middleware 11g - OHS, WLS, OPSS, OWSM 10.3.6/ (Doc ID 2115681.1)

Last updated on DECEMBER 21, 2022

Applies to:

Oracle HTTP Server - Version to [Release Oracle11g]
Oracle WebLogic Server - Version 10.3.6 to 10.3.6
Oracle Platform Security for Java - Version to [Release Oracle11g]
Oracle Web Services Manager - Version to [Release 11g]
Information in this document applies to any platform.


This has been a post-release certification where patches and steps are required when configuring SSL to meet FIPS 140-2 standards. 

See the below information for the patching requirements for OHS, WLS, OPSS and OWSM.


Oracle HTTP Server

Configuring the Oracle HTTP Server (OHS) for FIPS 140-2 (aka SSLFIPS) is now documented in the following locations:

Oracle Fusion Middleware Administrator's Guide (
- Chapter 9, "FIPS 140 Support in Oracle Fusion Middleware"
- Section I.2.4.1, "Creating and Viewing Oracle Wallets with orapki"

Oracle HTTP Server Administrator's Guide (
- Section E.4.6 SSLFIPS and Table E-3, "Cipher Suites Supported by SSLFIPS"

Configuration to comply with FIPS 140-2 standards is essentially an "SSLFIPS On" setting while meeting other certificate, protocol and cipher configuration requirements as documented.

Platforms supported for Oracle HTTP Server 11g ( configured for FIPS 140-2 standards:

Linux x86-64, Linux x86, Windows 64-bit, Solaris SPARC 64, Solaris x86-64, HP Itanium 64, HP-PA RISC 64, and IBM AIX 64

The below patches are required in the following order before beginning the steps to use orapki and configure ssl.conf/admin.conf:

Component  Patch Patch Description on My Oracle      Support          Additional Comments
Oracle HTTP Server


<Patch 33311587>

OHS SPU for CPUOct2021

  • All platforms.

  • Update: This patch supersedes the original <Patch 19571821>. Previous patches mentioned here are superseded and fixes for FIPS are now planned to be included in Critical Patch Updates beginning with CPUJan2018 (<Patch 27301611>) and newer. The following should be listed in the Readme's Bugs Fixed list to be sure:  19571821 - PERFORM FIPS VALIDATION / CERTIFICATION WITH OHS

  • Oct 2021 is the final security patch for OHS This and other patches can be found in Doc ID 2796575.1. Updated cipher standards should be followed from Doc ID 2314658.1. As referenced from Critical Patch Updates, ensure to also follow steps Doc ID 2626956.1 Cumulative README Post-Install Steps for Oracle HTTP Server Critical Patch Update. 
SSL/Networking <Patch 21625529> ADD FIPS SUPPORT IN ORAPKI All platforms. Generic patch for orapki utility. Follow readme for oracle_common.
SSL/Networking <Patch 21974584> TRACKING BUG TO SHIP CORRECT MES LIBRARIES ON PLATFORMS All platforms except Linux x86-64 and Windows 64-bit.
SSL/Networking  <Patch 32287205>


  • All platforms.
  • This patch supersedes the original <Patch 21557250> TRACKING BUG TO CONSOLIDATE ALL THE PS7 FIPS FIXES" in order to merge with Critical Patch Updates.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document
 Oracle HTTP Server
 Oracle Weblogic Server 10.3.6
 Oracle Platform Security Services (OPSS)
 Oracle Web Services Manager (OWSM)

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.