Enable FIPS Mode in Tomcat by editing the Tomcat server.xml configuration file

Question

When I try to set the FIPS Mode in Configuration as below:

<Listener    className="org.apache.catalina.core.AprLifecycleListener"    SSLEngine="on"    FIPSMode="on"/>

I’m getting error in the coldfusion-error.log: “Failed to enter FIPS mode” and unable to login to CF Admin page.

How can I fix this error with enabling the FIPS mode?

Thanks!

BKBK · Accepted Answer

Suggestion:Enable FIPS on Windows Server 2022.You can do so as follows:On Windows Start menu, open Local Security Policy. Click onLocal Policies. Double-click on Security Options. Scroll to the option “System cryptography: Use FIPS compliantalgorithms forencryption, hashing and signing” and double-click on it. Choose theEnabledoption.Install and run the ColdFusion 2023Auto-Lockdown Tool for STIG alignment. When you do, it might help to consult the ColdFusion 2023 Lockdown Guide.

BKBK · Answer

I don’t think you should tamper with that listener in order to enable FIPS mode. So, switch it back to its default state,

<Listener SSLEngine="on" className="org.apache.catalina.core.AprLifecycleListener"/>

and let’s look for an alternative solution.

To start with, what is your Operating System and ColdFusion build number?

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded