What Java Cryptography Extension (JCE) providers are FIPS 140-2 compliant? More specifically, does the Sun/Oracle provider qualify?
Which JCE providers are FIPS 140-2 compliant?
19.1k Views Asked by Rob H At
3
There are 3 best solutions below
0

Actually the Sun PKCS#11 Provider does look like it is FIPS 140-2 compliant. It is based on Network Security Services. I'm pretty sure that is what certificates 1278, 1279 and 1280 are on that NIST link that @stephen-c posted. The Oracle docs are a little vague regarding compliance but this is the best I have found so far.
According to this information on this page:
However, Oracle do have a validated module called "Oracle Cryptographic Libraries for SSL". The description does not say this is a JCE provider ... but it might be.
Also, Oracle don't appear to have any "modules in progress" for FIPS 140-2 validation.