Title: How to Enable SSLFIPS For Use In Apps 10 Instances?
Problem: An ITAR customer (USA based) with many internal security requirements wishes to configure and use SSLFIPS for secured communications within IFS user sessions. Can they activate SSLFIPS?
Recreated in core: No errors encountered so far. Use of SSLFIPS has not yet been attempted.
Recreated in customer environments: no
Business Impact: customer needs to bring their IFS use into compliance with “STIG” (security policies)
Importance: This ITAR customer must comply with governmental and internal security requirements
Case ID: LCS - G2346435 (none in Service Now)
Request for R&D: Original question from IFS systems engineer reads as follows:
“Customer has asked a security (STIG) question regarding MWS changes to ssl.conf:
Is it possible to urgently get an answer to the following STIG related question if we get clarification it will help us to remove several STIG non compliances that we have:
Can we turn on SSLFIPS? Oracle HTTP Server 12.1.3 How do we do it?
We think we need to do the following but need advice from IFS on whether this is right?
Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/ssl.conf with an editor.
Search for the "SSLFIPS" directive at the OHS server configuration scope.
Set the "SSLFIPS" directive to "On", add the directive if it does not exist.”
Please advise whether or not the IFS engineer has guided this customer correctly.