Red Hat SummitChapter 9. Configuring FIPS for Red Hat JBoss Web Server
When JBoss Web Server is installed on a Red Hat Enterprise Linux 8 host, you can configure JBoss Web Server to be compliant with Federal Information Processing Standards (FIPS). When you enable FIPS on the Red Hat Enterprise Linux host, this allows JBoss Web Server to operate in FIPS mode automatically.
FIPS does not support the password-based encryption functionality that is provided by the tomcat-vault component of JBoss Web Server. If you want to use password-based encryption on the JBoss Web Server host, you must ensure that FIPS is disabled. For more information about password-based encryption and tomcat-vault, see Vault for Red Hat JBoss Web Server.
9.1. Introduction to FIPS
The Federal Information Processing Standards (FIPS) provide guidelines and requirements for improving security and interoperability across computer systems and networks. The FIPS 140-2 and 140-3 series apply to cryptographic modules at both the hardware and software levels. The National Institute of Standards and Technology in the United States implements a cryptographic module validation program with searchable lists of both in-process and approved cryptographic modules.
Red Hat Enterprise Linux provides an integrated framework to enable FIPS 140-2 compliance on a system-wide basis. When operating under FIPS mode, software packages using cryptographic libraries are self-configured according to the global policy.
9.2. Configuring FIPS for JBoss Web Server on RHEL 8
You can enable FIPS compliance on the Red Hat Enterprise Linux 8 host during system installation. Alternatively, you can switch your system to FIPS mode after you have completed the system installation.
Procedure
To enable FIPS mode, complete either of the following steps:
- If you want to enable FIPS during system installation, follow the instructions in Security Hardening: Installing the system with FIPS mode enabled.
- If you want to switch to FIPS mode after system installation, follow the instructions in Security Hardening: Switching the system to FIPS mode.
Verification
Enter the following command:
fips-mode-setup --check
fips-mode-setup --checkCopy to Clipboard Copied! If FIPS is enabled, this prints the following output:
FIPS mode is enabled.
FIPS mode is enabled.Copy to Clipboard Copied!
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}