ssl-fips-enabled

Syntax

ssl-fips-enabled = {yes|no}

Description

Determines whether Federal Information Process Standards (FIPS) mode is enabled with the Federation Runtime.

Notes:

If no configuration entry is present, the setting from the global setting, determined by the Access Manager policy server, takes effect.
The [tfim-cluster:<cluster>] ssl-nist-compliance setting can override this entry. If ssl-nist-compliance is set to yes, FIPS mode processing is automatically enabled.

Options

yes: FIPS mode is enabled.
no: FIPS mode is disabled.

Usage

This stanza entry is required if both of the following conditions are true:

One or more of the cluster server entries use SSL (that is, contains an HTTPS protocol specification in the URL).
A certificate is required other than the default certificate used by WebSEAL when communicating with the policy server.

Note: If this entry is required, but it is not specified in the [tfim-cluster:<cluster>] stanza, WebSEAL uses the value in the global [ssl] stanza.

Default value

None.

Note: If you want to use a FIPS level that is different to the Access Manager policy server, edit the configuration file and specify a value for this entry.

Example

ssl-fips-enabled = yes