My Oracle Support Banner

Support of SSL FIPS 140-2 Standard for Oracle HTTP Server 12.1.3 (Doc ID 2160983.1)

Last updated on FEBRUARY 08, 2024

Applies to:

Oracle HTTP Server - Version 12.1.3.0.0 to 12.1.3.0.0 [Release 12c]
Oracle Fusion Middleware - Version 12.1.3.0.0 to 12.1.3.0.0 [Release 12c]
Information in this document applies to any platform.
- Patches in this document are strongly recommended for security, even if SSLFIPS is not enabled

Goal

SSL FIPS 140-2 Standard for Oracle HTTP Server 12.1.3

Configuration of Oracle HTTP Server (OHS) 12.1.3 to meet FIPS 140-2 standards is essentially setting an "SSLFIPS On" setting and ensuring certificate, protocol and cipher requirements are met. Patches are supplied to help configure correctly, fix security issues and ensure the code is FIPS 140-2 compliant.

This has been a post-release certification for OHS 12.1.3 as installed from OHS 12.1.3 distribution media. It does not include other environments where OHS is integrated. Surrounding components may also have requirements to meet FIPS 140-2 standards.

See the below information for OHS 12.1.3 patching and configuration requirements. This document supersedes "<Note:2051048.1> Oracle HTTP Server 12.1.3 Will Not Start With FIPS Mode Turned On", however see the Known Issue at the bottom of this document for a similar issue.

 

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Goal
 SSL FIPS 140-2 Standard for Oracle HTTP Server 12.1.3
Solution
 Patches Required
 Configuration Steps
 Known Issues
References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.