ssl-fips-enabled
Use the ssl-fips-enabled entry in the [dsess-cluster] stanza to control whether WebSEAL uses TLSv1 or SSLv3 communication with the distributed session cache.
ssl-fips-enabled = {yes|no}
Description
Determines whether Federal Information Processing Standards (FIPS) mode is enabled on the distributed session cache. If no configuration entry is present, the global setting, as determined by the ssl-fips-enabled entry in the [ssl] stanza of the policy server, takes effect.
When set to yes or the setting in the policy server configuration file is set to yes, Transport Layer Security (TLS) version 1 (TLSv1) is the secure communication protocol used. When set to no or the setting in the policy server configuration file is set to no, SSL version 3 (SSLv3) is the secure communication protocol used. The [dsess-cluster] ssl-nist-compliance setting can override this entry. If ssl-nist-compliance is set to yes, FIPS mode processing is automatically enabled.
Options
yes: TLSv1 is the secure communication protocol.
no: SSLv3 is the secure communication protocol.
Usage: Optional
Default: None.
If a different FIPS level than that of the policy server is required, it is the responsibility of the administrator to edit the configuration file, uncomment the stanza entry, and specify this value.
Example:
ssl-fips-enabled = yes
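The precedence described above (ssl-nist-compliance override, then the [dsess-cluster] entry, then the policy server [ssl] entry) can be checked during a configuration audit. The following is an added example, not code from the product or its documentation; the function names and the sample file contents are assumptions, and both files are assumed to be plain stanza files in which lines starting with # are comments.

```python
import re

def parse_stanzas(text):
    """Parse stanza-file text into {stanza: {key: value}}; '#' lines are comments."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a commented-out entry counts as absent
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = stanzas.setdefault(header.group(1).strip(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip().lower()  # values compared case-insensitively
    return stanzas

def effective_fips(webseal_text, policy_text):
    """Return (fips_enabled, source); fips_enabled is None if no file sets it."""
    dsess = parse_stanzas(webseal_text).get("dsess-cluster", {})
    if dsess.get("ssl-nist-compliance") == "yes":
        return True, "[dsess-cluster] ssl-nist-compliance"
    if "ssl-fips-enabled" in dsess:
        return dsess["ssl-fips-enabled"] == "yes", "[dsess-cluster] ssl-fips-enabled"
    policy_ssl = parse_stanzas(policy_text).get("ssl", {})
    if "ssl-fips-enabled" in policy_ssl:
        return policy_ssl["ssl-fips-enabled"] == "yes", "policy server [ssl] ssl-fips-enabled"
    return None, "not set in either file"

def audit(webseal_text, policy_text):
    """One-line finding for the distributed session cache connection."""
    fips, source = effective_fips(webseal_text, policy_text)
    if fips is None:
        return "UNKNOWN: ssl-fips-enabled " + source
    if fips:
        return "OK: FIPS mode enabled via " + source
    return "WARN: FIPS mode off via " + source + "; SSLv3 is used"

# Constructed sample inputs (not taken from a real deployment).
WEBSEAL_SAMPLE = """\
[dsess-cluster]
# ssl-fips-enabled = yes
ssl-nist-compliance = no
"""
POLICY_SAMPLE = """\
[ssl]
ssl-fips-enabled = no
"""

if __name__ == "__main__":
    print(audit(WEBSEAL_SAMPLE, POLICY_SAMPLE))
```

In the sample, the [dsess-cluster] entry is still commented out, so the policy server value applies and the audit reports that SSLv3 is in use.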