My Oracle Support Banner

FIPS 140 Validation for SSL When Using OracleAS 10g 10.1.3.x (Doc ID 559131.1)

Last updated on JUNE 29, 2023

Applies to:

Oracle Fusion Middleware - Version to [Release AS10gR3]
Oracle Solaris on SPARC (64-bit)
Oracle Application Server 10g Enterprise Edition - Version: to
Sun Solaris SPARC (64-bit)


Announcing the availability of a Patch to provide a Federal Information Processing Standard (FIPS) mode for the SSL stack including the ability to run in validated mode on some platforms.

This Patch will enable the C SSL crypto stack in both the DB and the Oracle Application Server 10g Release 3 versions (10.1.3.x) which use DB networking layer to run in FIPS mode.


Please note that this FIPS validation only applies to the C SSL crypto stack on the Solaris Sparc 64-bit platform. Other patches made available for other platforms may provide the same functionality, designed to meet FIPS requirements, but have not been validated by the Cryptographic Module Validation Program (CMVP). Please refer to the CMVP website for details of the scheme and of Oracle's validations:

Oracle Support will not have knowledge of future FIPS validations on other platforms, except as listed on the site. The CMVP is a third-party validation. For other platforms, there are patches to provide FIPS functionality and are merged with Critical Patch Updates. More information for this can be obtained from the following document:

<Note 473029.1> FIPS 140-2 Configuration with Oracle Application Server and HTTP Server


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document
 Critical Patch Update Implications
 How to Enable FIPS

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.