Parameter: fipsmode

Parameter

fipsmode

Description

This parameter determines whether the Service Manager Server runs in FIPS 140-2 compliant mode ("FIPS mode"). This parameter can have one of the following values:

Caution: In a horizontal scaling environment, you must set this parameter to the same value on all server nodes.

  • 0 (default): FIPS mode is disabled. Service Manager uses the 64-bit DES encryption algorithm, and SSL connections to the Service Manager Server do not use TLS protocols that are implemented by a FIPS-validated provider.
  • 2: FIPS mode is enabled. Service Manager uses the 256-bit AES data encryption algorithm, and SSL connections to the Service Manager Server use TLS protocols that are implemented by a FIPS-validated provider. Additionally, Service Manager must use FIPS-compliant Lightweight Single Sign-On (LW-SSO) and random number generation algorithms.

Note: For backward compatibility, if you used "fipsmode:1" to enable FIPS-compliant AES-256 data encryption only, you can continue to use this configuration without any problems.

When FIPS mode is enabled on the Service Manager Server side, all clients (Windows Client, Web Tier Client, Mobility Client, SRC, and Web Service integrations), LDAP Servers, and the Solr Search Engine can communicate with the Service Manager Server only through TLS (either FIPS-validated TLS or normal TLS); however, the recommended best security practice is to run all of them in FIPS mode as well.

For more information, see FIPS mode.

Valid if set from

Server's operating system command prompt

Initialization file (sm.ini)

Requires restart of the Service Manager server?

Yes

Default value

0

Possible values

0, 2

Example usage

Command line: sm -httpport:13080 -fipsmode:2

Initialization file: fipsmode:2
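
The Caution above requires the same fipsmode value on every node of a horizontally scaled deployment. The following Python check is an added example, not part of the original documentation or the product: it reads each node's sm.ini text and reports mismatched values, the legacy fipsmode:1 setting, and undocumented values. The node names, the sample file contents, the treatment of "#" as a comment marker, and the last-occurrence-wins rule are assumptions.

```python
import re

# Values named on this page; "1" is the legacy setting kept for backward compatibility.
KNOWN = {"0", "1", "2"}
DEFAULT = "0"  # documented default when the parameter is not set

def read_fipsmode(ini_text):
    """Return the fipsmode value set in one sm.ini text, or the default if unset."""
    value = DEFAULT
    for line in ini_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):  # assumption: '#' starts a comment
            continue
        match = re.fullmatch(r"fipsmode\s*:\s*(\S+)", line)
        if match:
            value = match.group(1)  # assumption: the last occurrence wins
    return value

def audit_nodes(nodes):
    """nodes maps node name -> sm.ini text. Returns (values, findings)."""
    values = {name: read_fipsmode(text) for name, text in nodes.items()}
    findings = []
    for name, value in sorted(values.items()):
        if value not in KNOWN:
            findings.append(f"{name}: fipsmode:{value} is not a documented value")
        elif value == "1":
            findings.append(f"{name}: legacy fipsmode:1 (AES-256 data encryption only)")
    if len(set(values.values())) > 1:
        summary = ", ".join(f"{n}={v}" for n, v in sorted(values.items()))
        findings.append(f"mismatch across nodes: {summary}")
    return values, findings

# Constructed sample input: node2 has the setting commented out, so it
# falls back to the default (0) while the other nodes run with 2.
SAMPLE_NODES = {
    "node1": "httpport:13080\nfipsmode:2\n",
    "node2": "httpport:13080\n#fipsmode:2\n",
    "node3": "httpport:13080\nfipsmode: 2\n",
}

if __name__ == "__main__":
    values, findings = audit_nodes(SAMPLE_NODES)
    for finding in findings:
        print("FINDING:", finding)
    print("OK" if not findings else f"{len(findings)} finding(s)")
```

The check covers sm.ini only; a value passed on the server's command line is not visible to it and has to be reviewed separately.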