Skip to content

Commit 3cda9d0

Browse files
authored
Merge pull request MicrosoftDocs#9619 from David-Engel/FipsUpdate
Update FIPS references
2 parents ede0e75 + 4c5562a commit 3cda9d0

1 file changed

Lines changed: 12 additions & 24 deletions

File tree

docs/connect/jdbc/fips-mode.md

Lines changed: 12 additions & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
---
22
title: "FIPS Mode in JDBC | Microsoft Docs"
33
ms.custom: ""
4-
ms.date: "07/12/2018"
4+
ms.date: "03/26/2019"
55
ms.prod: sql
66
ms.prod_service: connectivity
77
ms.reviewer: "craigg"
@@ -14,39 +14,29 @@ manager: "kenvh"
1414
# FIPS Mode
1515
[!INCLUDE[Driver_JDBC_Download](../../includes/driver_jdbc_download.md)]
1616

17-
The Microsoft JDBC Driver for SQL Server supports *FIPS 140 Compliant Mode*. For Oracle / Sun JVM, refer to the [FIPS 140 Compliant Mode for SunJSSE](https://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/FIPS.html) section provided by Oracle to configure FIPS enabled JVM.
17+
The Microsoft JDBC Driver for SQL Server supports running in JVMs configured to be *FIPS 140 Compliant*.
1818

1919
#### Prerequisites
2020

2121
- FIPS configured JVM
22-
- Appropriate SSL Certificate.
23-
- Appropriate policy files.
24-
- Appropriate Configuration Parameters.
25-
22+
- Appropriate SSL Certificate
23+
- Appropriate policy files
24+
- Appropriate Configuration Parameters
2625

2726
## FIPS Configured JVM
2827

29-
To see the approved modules for FIPS Configuration, refer to the [Validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules](https://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2016.htm).
30-
31-
Vendors may have some additional steps to configure JVM with FIPS.
28+
Generally, applications can configure the `java.security` file to use FIPS compliant crypto providers. Please see the documentation specific to your JVM for how to configure FIPS 140 compliance.
3229

33-
### Ensure your JVM is in FIPS Mode
34-
To ensure your JVM is FIPS enabled, execute the following snippet:
30+
To see the approved modules for FIPS Configuration, refer to [Validated Modules in the Cryptographic Module Validation Program](https://csrc.nist.gov/Projects/cryptographic-module-validation-program/Validated-Modules).
3531

36-
```java
37-
public boolean isFIPS() throws Exception {
38-
Provider jsse = Security.getProvider("SunJSSE");
39-
return jsse != null && jsse.getInfo().contains("FIPS");
40-
}
41-
```
32+
Vendors may have some additional steps to configure a JVM with FIPS.
4233

4334
## Appropriate SSL Certificate
44-
In order to connect SQL Server in FIPS mode, a valid SSL Certificate is required. Install or import it in the Java Key Store on the client machine (JVM) where FIPS is enabled.
35+
In order to connect to SQL Server in FIPS mode, a valid SSL Certificate is required. Install or import it into the Java Key Store on the client machine (JVM) where FIPS is enabled.
4536

4637
### Importing SSL Certificate in Java KeyStore
47-
For FIPS, most likely you need to import the certificate (.cert) to either PKCS or in a provider-specific format.
48-
Use the following snippet to import the SSL certificate and store it in a working directory with the appropriate KeyStore format. _TRUST\_STORE\_PASSWORD_ is your password for Java KeyStore.
49-
38+
For FIPS, most likely you need to import the certificate (.cert) in either PKCS or a provider-specific format.
39+
Use the following snippet to import the SSL certificate and store it in a working directory with the appropriate KeyStore format. _TRUST\_STORE\_PASSWORD_ is your password for Java KeyStore.
5040

5141
```java
5242
public void saveGenericKeyStore(
@@ -76,8 +66,7 @@ private Certificate getCertificate(String pathName)
7666
}
7767
```
7868

79-
80-
The following example is importing an Azure SSL Certificate in PKCS12 format with BouncyCastle Provider. The certificate is imported in the working directory named _MyTrustStore\_PKCS12_ by using the following snippet:
69+
The following example is importing an Azure SSL Certificate in PKCS12 format with the BouncyCastle Provider. The certificate is imported in the working directory named _MyTrustStore\_PKCS12_ by using the following snippet:
8170

8271
`saveGenericKeyStore(BCFIPS, PKCS12, "SQLAzure SSL Certificate Name", "SQLAzure.cer");`
8372

@@ -99,4 +88,3 @@ To run the JDBC Driver in FIPS-compliant mode, configure connection properties a
9988
|fipsProvider|String|null|FIPS provider configured in JVM. For example, BCFIPS or SunPKCS11-NSS |Added in 6.1.2 (Stable release 6.2.2), deprecated in 6.4.0 - see the details [Here](https://github.com/Microsoft/mssql-jdbc/pull/460).|
10089
|trustStoreType|String|JKS|For FIPS mode set trust store type either PKCS12 or type defined by FIPS provider |Added in 6.1.2 (Stable release 6.2.2)||
10190
|   |   |   |   |   |
102-

0 commit comments

Comments
 (0)