Questions on FIPS Compliant Unified Assurance
(Doc ID 3062615.1)
Last updated on DECEMBER 11, 2024
Applies to:
Oracle Communications Unified Assurance - Version 6.0.4.4.0 and laterInformation in this document applies to any platform.
Goal
The customer has asked for environment to be FIPS Compliant. They want to change 'ssl_fips_mode' to 'ON' or 'STRICT' in MYSQL. Currently, 'ssl_fips_mode' is set to 'OFF'. When trying set 'ssl-fips-mode=ON' in the mysql.cnf file and restarting MYSQL(systemctl restart assure1-db), MYSQL fails to start and gives the following error:
Their environment is still RHEL7 using version 6.0.4.5.
According to the Security Guide Linux Prerequisites, OCUA cannot be FIPS Compliant in RHEL7, only RHEL8. Is this true, and OUA will never be FIPS Compliant in RHEL7?
Also, according to the Security Guide FIPS Compliance in Unified Assurance, OUA in RHEL8 is FIPS Compliant due to inheritance from the OS layer.
Does this mean that 'ssl_fips_mode' cannot be turned on in MYSQL even on RHEL8 with FIPS enabled, and will just be in 'hardened' mode?
Solution
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Goal |
Solution |