Hi,

The underlying security libraries used with Java WS Core 4.0.8 are PureTLS (http://www.rtfm.com/puretls/) and Cryptix (http://www.cryptix.org), and none of those have been validated.

Recently, we have ported the underlying security features to use the native Java SSL support, specifically the support for using proxy certificates with this. We have tested this with Sun JDK 1.6, but this is still a prototype, and hasn't been released yet. It looks like Sun JDK 6 has support for using FIPS-140 certified providers.

Rachana

On Jun 10, 2010, at 6:41 PM, Joel Schneider wrote:

Our organization generally requires the use of validated FIPS 140-2
cryptographic modules.  Related links:

http://csrc.nist.gov/publications/PubsFIPS.html
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm

Further information on the following questions would be helpful to us.

Is information available with regard to the FIPS-140-2 validation status of
cryptographic modules used by Java WS Core 4.0.8?

Has any particular configuration or version of Java WS Core cryptographic
components been validated to FIPS 140-2?

Best regards,
Joel

--
Joel Schneider
Software Developer (Contractor)
National Marrow Donor Program

Rachana Ananthakrishnan
Argonne National Lab | University of Chicago
