WebSphere eXtreme Scale security standards
You can configure the product with TLS transport protection that complies with several security standards.
Federal Information Processing Standard (FIPS) 140-2 provides for certification of cryptography modules. The National Institute of Standards and Technology (NIST) has defined levels of protection for TLS in Special Publication 800-131a (SP800-131a). Two levels of protection are defined: transition and strict. See the National Institute of Standards and Technology website for more information on the FIPS 140-2 and SP800-131a standards.
WebSphere® eXtreme Scale uses the security capabilities of the IBM® Java™ Runtime Environment (JRE) to support these standards. This JRE includes cryptographic modules which have been certified as FIPS 140-2 compliant. If you want to use FIPS encryption, and you run with Java 6, then you must use Java 6 SR15 or higher.
You can also configure Java virtual machines (JVMs) running WebSphere eXtreme Scale so that TLS is implemented in compliance with SP800-131a at either the transition or strict level when running with the eXtremeIO (XIO) transport. It is possible to use FIPS-compliant cryptography from the IBM JRE while supporting SP800-131a at either the transition or strict level. To configure FIPS 140-2, see Configuring WebSphere eXtreme Scale to use FIPS 140-2.
- SHA1withDSA
- SHA256withDSA
- SHA1withRSA
- SHA256withRSA
- SHA384withRSA
- SHA512withRSA
- SHA1withECDSA
- SHA256withECDSA
- SHA384withECDSA
- SHA512withECDSA
- SHA256withDSA
- SHA256withRSA
- SHA384withRSA
- SHA512withRSA
- SHA256withECDSA
- SHA384withECDSA
- SHA512withECDSA
SP800-131a transition and strict modes also specify which TLS cipher suites are permitted in each mode. A compliant cipher suite will be negotiated by the TLS exchange when the product JVM is configured in one of these modes. For more information about configuring SP800-131a compliance, see Configuring WebSphere eXtreme Scale to use NIST SP800-131a.
Properties used to enable the security standards
The IBM virtual machine for Java (JVM) runs in a given security mode based on system properties. When you start a WebSphere eXtreme Scale catalog or container server running standalone, you set these system properties according to the FIPS 140-2 and SP800-131a mode you need.
Security standard | System property to enable | Valid values |
---|---|---|
FIPS 140-2 | com.ibm.jsse2.usefipsprovider=true | true or false |
SP800-131-transition | com.ibm.jsse2.sp800-131=transition | transition or strict |
SP800-131-strict | com.ibm.jsse2.sp800-131=strict | strict |
When you start a WebSphere eXtreme Scale catalog or container within the WebSphere Application Server process, it inherits the FIPS 140-2 setting, the SP800-131a setting, or both for that WebSphere Application Server process.
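The following added example (not IBM code) audits a JVM option string against the property names and valid values in the table above, so a misspelled or conflicting setting is caught before a server is assumed to run in the intended mode. The function name, the result layout, and the sample option strings are assumptions made for this illustration, and the input is assumed to contain only JVM options, not application arguments.

```python
import shlex

# Property names and valid values as listed in the table on this page.
VALID = {
    "com.ibm.jsse2.usefipsprovider": {"true", "false"},
    "com.ibm.jsse2.sp800-131": {"transition", "strict"},
}

def audit_jvm_options(options):
    """Report the security-standard settings found in a JVM option string.

    Returns a dict with 'fips' (bool), 'sp800_131' (mode or None) and
    'problems' (findings to resolve before relying on the reported mode).
    """
    seen, problems = {}, []
    for token in shlex.split(options):
        if not token.startswith("-D"):
            continue
        name, _, value = token[2:].partition("=")
        if name not in VALID:
            # Java system property names are case-sensitive, so a
            # miscapitalised name sets a different, unrelated property.
            match = [k for k in VALID if k.lower() == name.lower()]
            if match:
                problems.append(f"{name}: wrong case, expected {match[0]}")
            continue
        if value not in VALID[name]:
            problems.append(f"{name}={value}: not a value listed for this property")
            continue
        if name in seen and seen[name] != value:
            problems.append(f"{name}: conflicting values {seen[name]} and {value}")
        seen[name] = value  # the last valid occurrence is what gets reported
    return {
        "fips": seen.get("com.ibm.jsse2.usefipsprovider") == "true",
        "sp800_131": seen.get("com.ibm.jsse2.sp800-131"),
        "problems": problems,
    }

# Constructed sample option strings (not taken from a real server).
SAMPLES = [
    "-Xmx1g -Dcom.ibm.jsse2.usefipsprovider=true -Dcom.ibm.jsse2.sp800-131=strict",
    "-Dcom.ibm.jsse2.useFipsProvider=true -Dcom.ibm.jsse2.sp800-131=Strict",
    "-Dcom.ibm.jsse2.sp800-131=transition -Dcom.ibm.jsse2.sp800-131=strict",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", audit_jvm_options(s))
```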