Cannot connect to SQL Server with Bouncy Castle FIPS Provider using to run the JSSE in FIPS mode

I am in Java 8 v102, using sqljdbc42.jar and jtds-1.3.1.jar to connect to SQL Server 2008 in FIPS mode. I configured my Java with https://www.bouncycastle.org/fips/BCUserGuide.pdf, but I am getting the below error. How can I resolve this?

com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption . Error: "FIPS mode: only SunJSSE TrustManagers may be used".



Solution 1:[1]

FIPS mode doesn't allow TrustManager/KeyManager implementations from third-party sources; only the SunJSSE KeyManager/TrustManager are supported, which are instances of X509TrustManagerImpl/X509KeyManagerImpl.

I overcame this in the postgres JDBC driver, which allowed me to pass a custom sslFactory, so I passed org.postgresql.ssl.DefaultJavaSSLFactory, which in turn prevents postgres from sending its own KeyManager implementation and delegates the process to Java to provide the right KeyManager instance.

In other JDBC drivers, you may need to find the same configuration to overcome this.
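The PostgreSQL setting described in the answer above, as an added example that is not part of the original answer: it prints which provider and TrustManager classes the JVM supplies by default, then connects with `sslfactory` set so the driver uses the JVM's default socket factory. The class name `FipsJdbcCheck`, the `DB_PASSWORD` environment variable and the command-line arguments are assumptions, and the pgjdbc driver must be on the classpath.

```java
import java.security.KeyStore;
import java.sql.Connection;
import java.sql.DriverManager;
import java.util.Properties;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

public class FipsJdbcCheck {
    // pgjdbc properties that hand TLS socket creation to the JVM default,
    // so the driver does not install its own KeyManager/TrustManager.
    static Properties pgTlsProps(String user, String password) {
        Properties p = new Properties();
        p.setProperty("user", user);
        p.setProperty("password", password);
        p.setProperty("ssl", "true");
        p.setProperty("sslfactory", "org.postgresql.ssl.DefaultJavaSSLFactory");
        return p;
    }

    public static void main(String[] args) throws Exception {
        // Report what the JVM default TLS stack is built from.
        SSLContext ctx = SSLContext.getDefault();
        System.out.println("Default SSLContext provider: " + ctx.getProvider().getName());

        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the JVM default trust store
        for (TrustManager tm : tmf.getTrustManagers()) {
            System.out.println("TrustManager class: " + tm.getClass().getName());
        }

        // Usage (assumed): java FipsJdbcCheck jdbc:postgresql://host:5432/db user
        if (args.length < 2 || System.getenv("DB_PASSWORD") == null) {
            System.out.println("No JDBC URL/user or DB_PASSWORD given; skipping connection.");
            return;
        }
        Properties props = pgTlsProps(args[1], System.getenv("DB_PASSWORD"));
        try (Connection c = DriverManager.getConnection(args[0], props)) {
            System.out.println("Connected: " + c.getMetaData().getDatabaseProductVersion());
        }
    }
}
```

With this factory the server certificate is validated against the JVM default trust store, so the server's CA must be present there (for example via the `javax.net.ssl.trustStore` system property).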

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 livesamarthgupta