S-TAP returns not FIPS 140-2 compliant
If you receive an error about FIPS 140-2, change the configuration through the S-TAP Control page.
Symptoms
You see the following message in the S-TAP event log.
LOG_ERR: To enable FIPS 140-2 mode set use_tls=1
Causes
FIPS 140-2 is a U.S. government security standard for cryptographic modules. If you see this message, it indicates that the S-TAP configuration does not meet government requirements.
Note: This message does not indicate that there is an error with the S-TAP.
Environment
Guardium S-TAP is affected.
Supported: Solaris X86; Linux x86/64; Linux x86/32; Linux S390X; Linux IA64
Not Supported: Solaris SPARC; AIX PowerPC; HPUX RISC; HPUX IA64; Linux PowerPC
Resolving the problem
To enable FIPS compliance, the guard_tap.ini file must have the following setting.
use_tls=1
You can change the configuration by using one of the following methods.
- Click .
- Modify the details section for the relevant S-TAP and use the TLS check boxes.
- Restart the S-TAP.
You can also edit the guard_tap.ini file on the DB server directly and restart the S-TAP.
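
A check for the setting above when guard_tap.ini is edited directly on the DB server, added here as an example and not part of Guardium or IBM's own tooling. The comment characters and the rule that every active use_tls line must equal 1 are assumptions; the sample input is constructed.

```shell
#!/bin/sh
# Added example: audit guard_tap.ini for the use_tls=1 setting.
# Assumptions (not from the page): lines starting with ';' or '#' are
# comments, and every active use_tls line must equal 1 to pass.

# check_use_tls FILE -> 0: use_tls=1, 1: other value, 2: key absent,
#                       3: file not readable
check_use_tls() {
    [ -r "$1" ] || return 3
    awk '
        /^[ \t]*[;#]/ { next }            # skip comment lines
        {
            line = $0
            sub(/\r$/, "", line)          # tolerate CRLF line endings
            eq = index(line, "=")
            if (eq == 0) next             # section header or blank line
            key = substr(line, 1, eq - 1)
            val = substr(line, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key != "use_tls") next
            seen = 1
            if (val != "1") bad = 1       # any non-1 value fails the audit
        }
        END {
            if (!seen) exit 2
            exit (bad ? 1 : 0)
        }
    ' "$1"
}

# describe_use_tls FILE: one-line verdict for a report or scheduled check
describe_use_tls() {
    rc=0
    check_use_tls "$1" || rc=$?
    case $rc in
        0) echo "OK: use_tls=1" ;;
        1) echo "FAIL: use_tls is set to a value other than 1" ;;
        2) echo "FAIL: use_tls is not set" ;;
        *) echo "ERROR: cannot read $1" ;;
    esac
}

# Constructed sample input, not a real guard_tap.ini
sample=$(mktemp)
printf '; use_tls=1\nother_key=value\nuse_tls = 0\n' > "$sample"
describe_use_tls "$sample"
rm -f "$sample"
```

A commented-out use_tls=1 line does not count as set, which is the case a plain text search for the string would miss.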