Configuration of the Cipher engine and FIPS mode processing

Edit online

You can use the WebSEAL configuration file to specify the Cipher engine used by GSKit.

[ssl]
base-crypto-library = Default

Valid values for this entry are:

  • Default

    This value tells GSKit to select the optimal cryptographic base to use. For WebSEAL Version 7, the default cryptographic base is ICC.

  • ICC

You can specify whether to enable FIPS mode processing. FIPS mode processing is disabled by default. To enable FIPS mode processing, set the following entry:

[ssl]
fips-mode-processing = yes

Set the value to "yes" when you are using ICC and you want to use the FIPS 140-1 approved protocols and ciphers.