FIPS 140 Validation for SSL When Using OracleAS 10g 10.1.3.x
(Doc ID 559131.1)
Last updated on JULY 01, 2024
Applies to:
Oracle Fusion Middleware - Version 10.1.3.0.0 to 10.1.3.4.0 [Release AS10gR3]Oracle Solaris on SPARC (64-bit)
Oracle Application Server 10g Enterprise Edition - Version: 10.1.3.0.0 to 10.1.3.4.0
Sun Solaris SPARC (64-bit)
Purpose
Announcing the availability of a Patch to provide a Federal Information Processing Standard (FIPS) mode for the SSL stack including the ability to run in validated mode on some platforms.
This Patch will enable the C SSL crypto stack in both the DB 10.1.0.5.0 and the Oracle Application Server 10g Release 3 versions (10.1.3.x) which use DB 10.1.0.5.0 networking layer to run in FIPS mode.
Scope
Please note that this FIPS validation only applies to the C SSL crypto stack on the Solaris Sparc 64-bit platform. Other patches made available for other platforms may provide the same functionality, designed to meet FIPS requirements, but have not been validated by the Cryptographic Module Validation Program (CMVP). Please refer to the CMVP website for details of the scheme and of Oracle's validations:
http://csrc.nist.gov/cryptval/
Important:
Oracle Support will not have knowledge of future FIPS validations on other platforms, except as listed on the crsrc.nist.gov site. The CMVP is a third-party validation. For other platforms, there are patches to provide FIPS functionality and are merged with Critical Patch Updates. More information for this can be obtained from the following document:
<Note 473029.1> FIPS 140-2 Configuration with Oracle Application Server and HTTP Server
Details
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Purpose |
| Scope |
| Details |
| Critical Patch Update Implications |
| How to Enable FIPS |
| References |