Configuration of the Cipher engine and FIPS mode processing

Configuration of the Cipher engine and FIPS mode processing

We can use the WebSEAL configuration file to specify the Cipher engine used by GSKit.
[ssl]
base-crypto-library = Default

Valid values for this entry are:

Default
Select the optimal cryptographic base to use. For WebSEAL Version 7, the default cryptographic base is ICC.
ICC

We can specify whether to enable FIPS mode processing. FIPS mode processing is disabled by default. To enable FIPS mode processing, set the following entry:
[ssl]
fips-mode-processing = yes

Set the value to "yes" when we are using ICC and to use the FIPS 140-1 approved protocols and ciphers.
Parent topic: Cryptographic hardware for encryption and key storage