Skyhigh Security

Disable FIPS on Cloud Connector

Skyhigh Cloud Connector is FIPS (Federal Information Processing Standards) compliant by default starting with Skyhigh Cloud Connector 5.4.0.

NOTE: There is a known issue in which the FIPS-enabled Skyhigh Cloud Connector generates SSL errors in the Cloud Connector debug log. The ERR_SSL_PROTOCOL_ERROR error causes enterprise PII detokenization API calls from the Cloud Connector UI to fail and displays error messages on the Cloud Connector UI.

You can disable FIPS on the Cloud Connector for Linux and Windows operating systems.

Disable FIPS on Cloud Connector (Linux)

You must perform the following steps to disable FIPS on your Cloud Connector for Linux:

Stop the Log Processor Service

To stop the log processor service:

  1. Create a backup folder on Linux.
  2. From the <EC installation Directory>/jre/lib/ext directory, copy the bc-fips-x.x.x.jar and bctls-fips-x.x.xx.jar files to the backup folder.
  3. Delete the bc-fips-x.x.x.jar and bctls-fips-x.x.xx.jar files from the <EC installation Directory>/jre/lib/ext directory.
    NOTE: Make sure to copy the <EC installation Directory>/jre/lib/security/java.security file to the backup folder for future reference.

Add multi-line comment in java security file

In the <EC installation Directory>/jre/lib/security/java.security java security file, add the following lines as a multi-line comment:
NOTE: You must include a '#' at the beginning of each of these lines in the java security file.

security.provider.1=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider
security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider fips:BCFIPS
security.provider.3=sun.security.provider.Sun

Add properties in java security file

In the <EC installation Directory>/jre/lib/security/java.security java security file:

  1. Add the following properties:
    NOTE: Make sure that you do not change the letter case.
    security.provider.1=sun.security.provider.Sun
    security.provider.2=sun.security.rsa.SunRsaSign
    security.provider.3=sun.security.ec.SunEC
    security.provider.4=com.sun.net.ssl.internal.ssl.Provider
    security.provider.5=com.sun.crypto.provider.SunJCE
    security.provider.6=sun.security.jgss.SunProvider
    security.provider.7=com.sun.security.sasl.Provider
    security.provider.8=org.jcp.xml.dsig.internal.dom.XMLDSigRI
    security.provider.9=sun.security.smartcardio.SunPCSC
  2. Set ssl.KeyManagerFactory.algorithm to SunX509 and securerandom.strongAlgorithms to NativePRNGBlocking:SUN.

Start the Log Processor Service

FIPS is disabled on your Cloud Connector for Linux.

Disable FIPS on Cloud Connector (Windows)

You must perform the following steps to disable FIPS on your Cloud Connector for Windows:

Stop the Log Processor Service

To stop the log processor service:

  1. Create a backup folder on Windows.
  2. From the <EC installation Directory>/jre/lib/ext directory, copy the bc-fips-x.x.x.jar and bctls-fips-x.x.xx.jar files to the backup folder.
  3. Delete the bc-fips-x.x.x.jar and bctls-fips-x.x.xx.jar files from the <EC installation Directory>/jre/lib/ext directory.
    NOTE: Make sure to copy the <EC installation Directory>/jre/lib/security/java.security file to the backup folder for future reference.

Add multi-line comment in java security file

In the <EC installation Directory>/jre/lib/security/java.security java security file, add the following lines as a multi-line comment:
NOTE: You must include a '#' at the beginning of each of these lines in the java security file.

security.provider.1=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider
security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider fips:BCFIPS
security.provider.3=sun.security.provider.Sun

Add properties in java security file

In the <EC installation Directory>/jre/lib/security/java.security java security file:

  1. Add the following properties:
    NOTE: Make sure that you do not change the letter case.
    security.provider.1=sun.security.provider.Sun
    security.provider.2=sun.security.rsa.SunRsaSign
    security.provider.3=sun.security.ec.SunEC
    security.provider.4=com.sun.net.ssl.internal.ssl.Provider
    security.provider.5=com.sun.crypto.provider.SunJCE
    security.provider.6=sun.security.jgss.SunProvider
    security.provider.7=com.sun.security.sasl.Provider
    security.provider.8=org.jcp.xml.dsig.internal.dom.XMLDSigRI
    security.provider.9=sun.security.smartcardio.SunPCSC
    security.provider.10=sun.security.mscapi.SunMSCAPI
  2. Set ssl.KeyManagerFactory.algorithm to SunX509.

Start the Log Processor Service

FIPS is disabled on your Cloud Connector for Windows.
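
A check to run on the edited java.security file before starting the Log Processor Service, for either procedure above. This is an added example, not Skyhigh's code: it reports BouncyCastle FIPS providers that are still active, duplicate or non-contiguous security.provider.N entries, and settings that differ from the expected values. The function name, the sample content and the simplified key=value parsing are assumptions of this example.

```python
import re

# Provider classes the page says must be commented out when FIPS is disabled.
FIPS_MARKERS = ("BouncyCastleFipsProvider", "BouncyCastleJsseProvider")
PROVIDER_KEY = re.compile(r"security\.provider\.(\d+)$")
# Constructed sample of a half-finished edit (not taken from a real installation).
BAD_SAMPLE = """\
security.provider.1=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider
#security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider fips:BCFIPS
security.provider.1=sun.security.provider.Sun
security.provider.2=sun.security.rsa.SunRsaSign
security.provider.4=com.sun.net.ssl.internal.ssl.Provider
ssl.KeyManagerFactory.algorithm=PKIX
"""


def check_java_security(text, expect=None):
    """Return problems found in java.security text (simple key=value lines only)."""
    expect = expect or {"ssl.KeyManagerFactory.algorithm": "SunX509"}
    problems, providers, effective = [], {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue  # blank, commented out, or not a key=value entry
        key, value = (part.strip() for part in line.split("=", 1))
        effective[key] = value  # a later duplicate overrides an earlier one
        match = PROVIDER_KEY.match(key)
        if not match:
            continue
        number = int(match.group(1))
        if any(marker in value for marker in FIPS_MARKERS):
            problems.append(f"security.provider.{number} still loads {value}")
        if number in providers:
            problems.append(f"security.provider.{number} is defined more than once")
        providers[number] = value
    # The JRE reads providers from 1 upward and stops at the first missing number.
    missing = [n for n in range(1, max(providers, default=0) + 1) if n not in providers]
    if missing:
        problems.append(f"provider numbering has a gap at {missing[0]}")
    for key, want in expect.items():
        if effective.get(key) != want:
            problems.append(f"{key} is {effective.get(key)!r}, expected {want!r}")
    return problems


if __name__ == "__main__":
    for problem in check_java_security(BAD_SAMPLE):
        print(problem)
```

For the Linux procedure, pass `expect` with both `ssl.KeyManagerFactory.algorithm` and `securerandom.strongAlgorithms` set to the values given in step 2.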
