Although most non-FIPS compliant algorithms are stripped out of the JCA security providers when running in FIPS mode, it is necessary for a small subset of non-FIPS algorithms to remain. In some cases, this is for compatibility with older systems (e.g. to decrypt old BOG files). In other cases, Java needs specific non-FIPS algorithms, for example to load and verify security providers.
Ciphers: Blowfish
Macs: HMAC/MD5, HmacMD5
Message Digests: MD5, SSL3-SHAMD5
Signatures: MD5withRSA
The non-FIPS algorithms that remain are listed above. Although they are available through JCA calls, they should never be used, except to upgrade an older system that uses non-FIPS algorithms. For example, you could decrypt using the Blowfish cipher, but you could not encrypt with it.
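One way to confine Blowfish to the decrypt-only upgrade path described above, as an added example that is not Tridium's code: each legacy record is decrypted and immediately re-protected with AES-GCM. The class name, the record layout (CBC with PKCS5 padding, 8-byte IV prepended), the keys and the sample data are assumptions constructed for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;

public class LegacyBlowfishMigration {
    // Assumption: legacy records are Blowfish/CBC/PKCS5Padding with the 8-byte IV prepended.
    static final String LEGACY = "Blowfish/CBC/PKCS5Padding";
    // The legacy path is decrypt-only: this class deliberately has no Blowfish encrypt method.
    static byte[] decryptLegacy(SecretKey key, byte[] record) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(LEGACY);
        c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(record, 0, 8));
        return c.doFinal(record, 8, record.length - 8);
    }
    // Re-protect with AES-GCM; output layout is 12-byte nonce || ciphertext || 16-byte tag.
    static byte[] encryptModern(SecretKey key, byte[] plain) throws GeneralSecurityException {
        byte[] nonce = new byte[12];
        new SecureRandom().nextBytes(nonce); // fresh nonce per record, never reused with a key
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, nonce));
        byte[] ct = c.doFinal(plain);
        byte[] out = Arrays.copyOf(nonce, nonce.length + ct.length);
        System.arraycopy(ct, 0, out, nonce.length, ct.length);
        return out;
    }
    // One-way upgrade: the plaintext exists only in memory and is wiped afterwards.
    static byte[] migrate(SecretKey oldKey, SecretKey newKey, byte[] record) throws GeneralSecurityException {
        byte[] plain = decryptLegacy(oldKey, record);
        try { return encryptModern(newKey, plain); }
        finally { Arrays.fill(plain, (byte) 0); }
    }
    public static void main(String[] args) throws Exception {
        // Constructed fixture standing in for an old record; built here on a stock (non-FIPS) JVM.
        SecretKey oldKey = new SecretKeySpec("constructed-key!".getBytes(StandardCharsets.US_ASCII), "Blowfish");
        SecretKey newKey = new SecretKeySpec(new byte[32], "AES"); // constructed all-zero demo key
        Cipher fixture = Cipher.getInstance(LEGACY);
        fixture.init(Cipher.ENCRYPT_MODE, oldKey, new IvParameterSpec(new byte[8]));
        byte[] ct = fixture.doFinal("legacy secret".getBytes(StandardCharsets.UTF_8));
        byte[] record = new byte[8 + ct.length]; // zero IV || ciphertext
        System.arraycopy(ct, 0, record, 8, ct.length);
        byte[] migrated = migrate(oldKey, newKey, record);
        System.out.println("legacy " + record.length + " bytes -> AES-GCM " + migrated.length + " bytes");
    }
}
```

Only `main` encrypts with Blowfish, and only to build the sample record; production code would call `migrate` on data that already exists.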
See Developers notes on FIPS for related information.
Copyright © 2000-2014 Tridium Inc. All rights reserved.