Configuring GPNP to use FIPS compliant algorithms in 19c and higher
(Doc ID 2987738.1)
Last updated on JULY 20, 2024
Applies to:
Oracle Database - Enterprise Edition - Version 19.3.0.0.0 and laterInformation in this document applies to any platform.
Goal
There has been a requirement from our security team to ensure GPNP uses supported algorithms for signing to become FIPS compliant, and this is fixed in 19c, but those Gird Infrastructure (GI) environments that are upgraded from an earlier version (i.e. 11g, 12c, and 18c) will have GPNP wallets that are not FIPS compliant..
Starting the database that are enabled FIBS fail with the following ora-600 error in the alert.log if GPNP wallets are not FIPS compliant.
ORA-00600: internal error code, arguments: [ipc_initialize_3], [1], [16], [],
[], [], [], [], [], [], [], []
ORA-00600: internal error code, arguments: [ipc_initialize_3], [1], [16], [],
[], [], [], [], [], [], [], []
If <RDBMS_HOME>/ldap/admin/fips.ora file has the following entries, then the database is setup to use FIPS TCPS
SSLFIPS_140=TRUE
SSLFIPS_LIB=$ORACLE_HOME/lib
Solution
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Goal |
Solution |
References |