FIPS 140-2 with Sterling B2B Integrator
The Certicom jars (TrustpointProviders.jar and EccpressoFIPSJca.jar) that are distributed with Sterling B2B Integrator are part of Security Builder GSE-Java, which is a FIPS 140-2 validated cryptographic module.
Restriction: You cannot install or upgrade IBM® Sterling B2B Integrator to v6.2.0.3 from any IBM Sterling B2B Integrator version when FIPS mode is enabled.
When in FIPS mode, Sterling B2B Integrator performs the following tasks:
- Enables the GSE FIPS state machine and invokes power-on self-tests.
- Funnels cryptographic function calls from the core system to the GSE.
Important: Note the following points relevant to FIPS 140-2 compliance in Sterling B2B Integrator:
- Sterling B2B Integrator uses the Maverick SSHTools for SSH/SFTP support. By default, Maverick uses the Bouncy Castle FIPS Java API for AES-CTR (128, 192, and 256 bit) cipher support. However, it can be configured to use other cryptographic modules as well. Bouncy Castle FIPS Java API is a validated FIPS 140-2 cryptographic module as per NIST Certificate #2768.
- Each version of Sterling B2B Integrator includes updated versions of the TrustpointProviders.jar and EccpressoFIPSJca.jar files, which are FIPS 140-2 compliant.
- Sterling B2B Integrator supports FIPS mode in all the supported operating systems. For more information about the supported operating systems, see System requirements.
- For the Java versions that Sterling B2B Integrator uses to operate in FIPS mode, see System requirements.
- When running in FIPS Mode, Sterling B2B Integrator supports SSH Ciphers AES128-CTR, AES192-CTR, and AES256-CTR, as well as SSL/TLS Ciphers AES128-GCM and AES256-GCM.
Restriction: TLS 1.3 and the new cipher suites defined for it are not supported with FIPS 140-2.
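The following audit sketch is an added example, not IBM or Sterling B2B Integrator code. It checks a configured cipher list against the FIPS-mode ciphers named above and flags TLS 1.3 suites, which use AES-GCM yet fall under the restriction. It assumes the list above is exhaustive, that SSH ciphers use OpenSSH-style names and TLS suites use IANA/JSSE-style names; the function names and sample lists are constructed for illustration.

```python
import re

# Allowed sets taken from the page's FIPS-mode cipher statement (assumed exhaustive).
FIPS_SSH_CIPHERS = {"aes128-ctr", "aes192-ctr", "aes256-ctr"}
FIPS_TLS_BULK = {"AES_128_GCM", "AES_256_GCM"}

def check_ssh_cipher(name):
    """Return (ok, reason) for an SSH cipher name such as 'aes128-ctr'."""
    if name.strip().lower() in FIPS_SSH_CIPHERS:
        return True, "AES-CTR, listed for FIPS mode"
    return False, "not in the FIPS-mode SSH cipher list"

def check_tls_suite(name):
    """Return (ok, reason) for an IANA/JSSE-style TLS cipher suite name."""
    n = name.strip().upper()
    if n.endswith("_SCSV"):
        return True, "signalling value, not a cipher"
    if "_WITH_" not in n:
        # TLS 1.3 suites (e.g. TLS_AES_128_GCM_SHA256) carry no key-exchange part.
        return False, "TLS 1.3 suite, unsupported with FIPS 140-2"
    bulk = n.split("_WITH_", 1)[1]
    m = re.match(r"(AES_\d+_GCM)_SHA\d+$", bulk)
    if m and m.group(1) in FIPS_TLS_BULK:
        return True, "AES-GCM, listed for FIPS mode"
    return False, "bulk cipher not in the FIPS-mode TLS list"

def audit(ssh_ciphers, tls_suites):
    """Return (kind, name, reason) for every rejected entry, in input order."""
    findings = []
    for c in ssh_ciphers:
        ok, why = check_ssh_cipher(c)
        if not ok:
            findings.append(("ssh", c, why))
    for s in tls_suites:
        ok, why = check_tls_suite(s)
        if not ok:
            findings.append(("tls", s, why))
    return findings

# Constructed sample configuration, not taken from a real deployment.
SAMPLE_SSH = ["aes256-ctr", "aes128-cbc", "aes128-gcm@openssh.com"]
SAMPLE_TLS = ["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
              "TLS_AES_128_GCM_SHA256",
              "TLS_RSA_WITH_AES_128_CBC_SHA"]

if __name__ == "__main__":
    for kind, name, why in audit(SAMPLE_SSH, SAMPLE_TLS):
        print(f"{kind}: {name}: {why}")
```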