Search for	Example	Results
A single word	`cat`	Topics that contain the word "cat". You will also find its grammatical variations, such as "cats".
A phrase. You can specify that the search results contain a specific phrase.	`"cat food"` (quotation marks)	Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase.

Search for	Operator	Example
Two or more words in the same topic	`AND` `and` `+` (plus symbol) `&` (ampersand)	`cat AND dog` `"cat food"+milk` `"cat food"&"dog food"`
Either word in a topic	`OR` `or` `\|` (pipe)	`cat OR dog` `cat \| dog`
Topics that do not contain a specific word or phrase	`NOT` `not` `!` (exclamation point)	`NOT cat` `! dog`
Topics that contain one string and do not contain another	`^` (caret)	`cat ^ mouse`
A combination of search types	`( )` parentheses	`cat + (dog \| mouse)` `cat \| dog + (! mouse)`

Service Manager9.41

Administer > System Security > FIPS mode

FIPS mode

FIPS (Federal Information Processing Standards) are a set of standards that describe document processing, encryption algorithms and other information technology standards for use within U.S. non-military government agencies and by U.S. government contractors and vendors who work with the agencies.

FIPS 140-2, “Security Requirements for Cryptographic Modules,” was issued by the U.S. National Institute of Standards and Technology (NIST) in May, 2001. The standard specifies the security requirements for cryptographic modules utilized within a security system that protects sensitive or valuable data.

As of version 9.32, Service Manager is FIPS 140-2 compliant when running in FIPS mode. The following table describes two operation modes of the Service Manager server and clients.

Operation mode	Description
FIPS mode (FIPS 140-2 compliant mode)	Supports FIPS 140-2 compliant cryptographic functions.
Standard mode (Non-FIPS 140-2 compliant mode)	Utilizes existing cryptography without the 3rd-party FIPS 140-2 validated cryptographic modules.

Operation mode

Description

FIPS mode

(FIPS 140-2 compliant mode)

Supports FIPS 140-2 compliant cryptographic functions.

Standard mode

(Non-FIPS 140-2 compliant mode)

Utilizes existing cryptography without the 3rd-party FIPS 140-2 validated cryptographic modules.

To support FIPS mode, the Service Manager server and clients have introduced the following changes as of version 9.32.

Note If the FIPS mode is enabled, the encrypted fields cannot be retrieved via the legacy listener.

Server side

Out-of-the-box, the Service Manager server uses a 3rd-party FIPS 140-2 validated cryptographic module, OpenSSL FIPS Object Module. Additional changes are listed in the following table.

Item	Description
AES encryption algorithm	Service Manager provides the function to encrypt table fields. Prior to version 9.32, Service Manager uses the Data Encryption Standard (DES) encryption algorithm, which is not FIPS-compliant. As of version 9.32, when running in FIPS mode, Service Manager uses the Advanced Encryption Standard (AES) encryption algorithm, which is FIPS 140-2 compliant. After enabling FIPS mode, you must upgrade your database's encryption algorithm from DES to AES by running the `sm -upgradeencralg` command. For details, see Configure FIPS mode in Service Manager.
Additional support of 256-bit database encryption keys	Prior to version 9.32, Service Manager only supports 64-bit database encryption keys. As of version 9.32, Service Manager supports 64-bit keys in non-FIPS mode and 256-bit keys in FIPS mode.
The `fipsmode` parameter	This server parameter determines whether the server runs in FIPS or non-FIPS mode when set to 1 or 0: 1 (FIPS mode): All Service Manager servers and clients run in FIPS mode (for example, a pre-9.32 client, which does not support FIPS mode, can no longer connect to the SM9.32 server). 0 (default, non-FIPS mode): All Service Manager servers and clients run in non-FIPS mode (for example, a pre-9.32 client can still connect to an SM9.32 or later server). In this mode, Service Manager keeps the same data encryption/decryption behavior as in previous versions. Note In a horizontal scaling environment, you must set this parameter to the same value (either 1 or 0) on all server nodes.
Additional OpenSSL libraries (Windows server)	In addition to `libeay32.dll`, Service Manager has introduced `libeay32_fba.dll` and `libeay32_rba.dll`: `libeay32_fba.dll`: A copy of `libeay32.dll` for backup purposes. `libeay32_rba.dll`: A variant of `libeay32.dll`, with a relocatable base address. If the system fails to load the default dll (`libeay32.dll`), copy this file to `libeay32.dll`.

Client side

Out-of-the-box, the Windows and web clients use a 3rd-party FIPS 140-2 validated cryptographic module, RSA BSAFE Crypto-J. To allow administrators to enable FIPS mode, the web and Windows clients have introduced the following parameters or security preference options.

Client	New Parameters
Web (`web.xml`)	`JCEProviderName` `JCEProviderClassName`
Windows ( Window > Preferences > HPE Service Manager > Security)	JCE provider name JCE provider class name

Send Help Center feedback