S-TAP returns not FIPS 140-2 compliant

If you receive an error that about FIPS 140-2, change the configuration through the S-TAP Control page.

Symptoms

Supported: - Solaris X86 - Linux x86/64 - Linux x86/32 - Linux S390X - Linux IA64
Not Supported: - Solaris SPARC - AIX PowerPC - HPUX RISC - HPUX IA64 - Linux PowerPC

You see the following message in the S-TAP event log.

LOG_ERR: To enable FIPS 140-2 mode set use_tls=1

Causes

FIPS 140-2 is a U.S. government security standard for cryptographic modules. If you see this message, it indicates that the S-TAP configuration does not meet government requirements.

Note: This message does not indicate that there is an error with the S-TAP.

Environment

Guardium S-TAP is affected.

Supported: Solaris X86; Linux x86/64; Linux x86/32; Linux S390X; Linux IA64

Not Supported: Solaris SPARC; AIX PowerPC; HPUX RISC; HPUX IA64; Linux PowerPC

Resolving the problem

To enable FIPS compliance, the guard_tap.ini file must have the following settings.

use_tls=1

You can change the configuration by using one of the following methods.

  1. Click Manage > Activity Monitoring > S-TAP Control.
  2. Modify the details section for the relevant S-TAP and use the TLS check boxes.
  3. Restart the S-TAP.

You can also edit the guard_tap.ini file on the DB server directly and restart the S-TAP.