You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The Microsoft JDBC Driver for SQL Server supports *FIPS 140 Compliant Mode*. For Oracle / Sun JVM, refer to the [FIPS 140 Compliant Mode for SunJSSE](https://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/FIPS.html) section provided by Oracle to configure FIPS enabled JVM.
17
+
The Microsoft JDBC Driver for SQL Server supports running in JVMs configured to be *FIPS 140 Compliant*.
18
18
19
19
#### Prerequisites
20
20
21
21
- FIPS configured JVM
22
-
- Appropriate SSL Certificate.
23
-
- Appropriate policy files.
24
-
- Appropriate Configuration Parameters.
25
-
22
+
- Appropriate SSL Certificate
23
+
- Appropriate policy files
24
+
- Appropriate Configuration Parameters
26
25
27
26
## FIPS Configured JVM
28
27
29
-
To see the approved modules for FIPS Configuration, refer to the [Validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules](https://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2016.htm).
30
-
31
-
Vendors may have some additional steps to configure JVM with FIPS.
28
+
Generally, applications can configure the `java.security` file to use FIPS compliant crypto providers. Please see the documentation specific to your JVM for how to configure FIPS 140 compliance.
32
29
33
-
### Ensure your JVM is in FIPS Mode
34
-
To ensure your JVM is FIPS enabled, execute the following snippet:
30
+
To see the approved modules for FIPS Configuration, refer to [Validated Modules in the Cryptographic Module Validation Program](https://csrc.nist.gov/Projects/cryptographic-module-validation-program/Validated-Modules).
Vendors may have some additional steps to configure a JVM with FIPS.
42
33
43
34
## Appropriate SSL Certificate
44
-
In order to connect SQL Server in FIPS mode, a valid SSL Certificate is required. Install or import it in the Java Key Store on the client machine (JVM) where FIPS is enabled.
35
+
In order to connect to SQL Server in FIPS mode, a valid SSL Certificate is required. Install or import it into the Java Key Store on the client machine (JVM) where FIPS is enabled.
45
36
46
37
### Importing SSL Certificate in Java KeyStore
47
-
For FIPS, most likely you need to import the certificate (.cert) to either PKCS or in a provider-specific format.
48
-
Use the following snippet to import the SSL certificate and store it in a working directory with the appropriate KeyStore format. _TRUST\_STORE\_PASSWORD_ is your password for Java KeyStore.
49
-
38
+
For FIPS, most likely you need to import the certificate (.cert) in either PKCS or a provider-specific format.
39
+
Use the following snippet to import the SSL certificate and store it in a working directory with the appropriate KeyStore format. _TRUST\_STORE\_PASSWORD_ is your password for Java KeyStore.
The following example is importing an Azure SSL Certificate in PKCS12 format with BouncyCastle Provider. The certificate is imported in the working directory named _MyTrustStore\_PKCS12_ by using the following snippet:
69
+
The following example is importing an Azure SSL Certificate in PKCS12 format with the BouncyCastle Provider. The certificate is imported in the working directory named _MyTrustStore\_PKCS12_ by using the following snippet:
@@ -99,4 +88,3 @@ To run the JDBC Driver in FIPS-compliant mode, configure connection properties a
99
88
|fipsProvider|String|null|FIPS provider configured in JVM. For example, BCFIPS or SunPKCS11-NSS |Added in 6.1.2 (Stable release 6.2.2), deprecated in 6.4.0 - see the details [Here](https://github.com/Microsoft/mssql-jdbc/pull/460).|
100
89
|trustStoreType|String|JKS|For FIPS mode set trust store type either PKCS12 or type defined by FIPS provider |Added in 6.1.2 (Stable release 6.2.2)||
0 commit comments