ssl-fips-enabled
Use the ssl-fips-enabled entry in the [dsess-cluster] stanza to control whether WebSEAL uses TLSv1 or SSLv3 communication with the distributed session cache.
Syntax
ssl-fips-enabled = {yes|no}
Description
Determines whether Federal Information Processing Standards (FIPS) mode is enabled on the distributed session cache. If no configuration entry is present, the global setting, as determined by the ssl-fips-enabled entry in the [ssl] stanza of the policy server, takes effect.
When set to yes or the setting in the policy server configuration file is set to yes, Transport Layer Security (TLS) version 1 (TLSv1) is the secure communication protocol used. When set to no or the setting in the policy server configuration file is set to no, SSL version 3 (SSLv3) is the secure communication protocol used.
Options
- yes: Indicates that TLSv1 is the secure communication protocol.
- no: Indicates that SSLv3 is the secure communication protocol.
Usage
This stanza entry is optional.
Default value
None.
If a different FIPS level than that of the policy server is required, it is the responsibility of the administrator to edit the configuration file, uncomment the stanza entry, and specify this value.
Example
ssl-fips-enabled = yes
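The fallback rule in the Description can be checked mechanically when auditing a deployment. The following is an added example, not part of the product documentation: it resolves the effective value and protocol from the [dsess-cluster] entry and the policy server [ssl] entry. The function names and sample configuration text are constructed, and it assumes `#` marks a commented-out entry and that a repeated entry takes the last value.

```python
# Added example: resolve the effective ssl-fips-enabled value for the
# distributed session cache using the fallback rule described on this page.
# Sample config text is constructed; function names are hypothetical.

def stanza_entry(text, stanza, key):
    """Return the value of key inside [stanza], or None if absent/commented.
    Assumptions: '#' starts a comment; a repeated entry takes the last value."""
    current, value = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out entry
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
        elif current == stanza and "=" in line:
            k, v = line.split("=", 1)
            if k.strip() == key:
                value = v.strip().lower()
    return value

def effective_protocol(webseal_conf, policy_server_conf):
    """Return (value, source, protocol) for the session cache connection."""
    local = stanza_entry(webseal_conf, "dsess-cluster", "ssl-fips-enabled")
    if local is not None:
        value, source = local, "[dsess-cluster]"
    else:
        # No local entry: the policy server's [ssl] stanza setting applies.
        value = stanza_entry(policy_server_conf, "ssl", "ssl-fips-enabled")
        source = "[ssl] (policy server)"
    # protocol is None when the value is unset or not yes/no.
    protocol = {"yes": "TLSv1", "no": "SSLv3"}.get(value)
    return value, source, protocol

# Constructed sample inputs.
WEBSEAL_COMMENTED = "[dsess-cluster]\n# ssl-fips-enabled = yes\n"
WEBSEAL_OVERRIDE = "[dsess-cluster]\nssl-fips-enabled = yes\n"
POLICY_SERVER = "[ssl]\nssl-fips-enabled = no\n"

if __name__ == "__main__":
    for name, conf in (("commented", WEBSEAL_COMMENTED),
                       ("override", WEBSEAL_OVERRIDE)):
        value, source, protocol = effective_protocol(conf, POLICY_SERVER)
        flag = "  <-- SSLv3 in use" if protocol == "SSLv3" else ""
        print(f"{name}: {value} from {source} -> {protocol}{flag}")
```

The "commented" case shows the situation described under Default value: leaving the entry commented out means the policy server setting decides the protocol.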