Recommended Action

If you want to switch back from FIPS mode to non-FIPS mode, reset SM_FIPS140 to False. You do not need to remove the Unlimited Strength Jurisdiction Policy Files. If you require FIPS support, you need to download additional JAR (Java Archive) files.

For example:

NAS Log Error Snippet:
MAIN_MSG-*-STDFD_OUT-stdout: javax.net.ssl.SSLException:
java.security.InvalidKeyException: Illegal key size
[June 17, 2011 6:37:49 PM GMT+05:30 +227ms] t@1084229984 platform MAIN_MSG-*-STDFD_OUT-stdout:
at com.rsa.sslj.x.aJ.b(Unknown Source)
at com.rsa.sslj.x.aJ.a(Unknown Source)
at com.rsa.sslj.x.aJ.b(Unknown Source)
at com.rsa.sslj.x.aU.d(Unknown Source)
at com.rsa.sslj.x.aU.a(Unknown Source)
at com.rsa.sslj.x.aU.h(Unknown Source)
at com.rsa.sslj.x.cI.startHandshake(Unknown Source)
at
com.smarts.nas_probe.ControlStationInterface.getSSLSocket(ControlSta
tionInterface.java:314)
at
com.smarts.nas_probe.ControlStationInterface.post(ControlStationInte
rface.java:75)
at
com.smarts.nas_probe.ControlStationInterface.getReply(ControlStation
Interface.java:58)
at com.smarts.nas_probe.XMP.NasXML(XMP.java:25)
Caused by: com.rsa.sslj.x.ax: java.security.InvalidKeyException:
Illegal key size
at com.rsa.sslj.x.aJ.b(Unknown Source)
at com.rsa.sslj.x.cR.k(Unknown Source)MAIN_MSG-*-STDFD_OUT-stdout: e
Caused by: java.security.InvalidKeyException: Illegal key size
at javax.crypto.Cipher.a(DashoA13*..)
at javax.crypto.Cipher.init(DashoA13*..)
at javax.crypto.Cipher.init(DashoA13*..)
at com.rsa.sslj.x.Y.<init>(Unknown Source)
......

With BSAFE SSL-J, some of the FIPS cryptographic algorithms require Unlimited Strength Jurisdiction Policy Files.

Download and install the Unlimited Strength Jurisdiction Policy Files to run the NAS adapter in FIPS mode by doing the following:

Versions starting at IP 8.1.2 use JRE 1.6, therefore go to, http://www.oracle.com/technetwork/java/javase/downloads/index.html http://www.oracle.com/technetwork/java/javase/downloads/index.html and download the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 6 from the Additional Resources section.

Extract the local_policy.jar and US_export_policy.jar files from the downloaded zip file.

Go to the <BASEDIR>/smarts/jre/lib/security directory and then backup the existing policy files in this path.

Overwrite the local_policy.jar and US_export_policy.jar files to the <BASEDIR>/smarts/jre/lib/security directory.