The Federal Information Processing Standard (or FIPS) is a cryptography standard created by the U.S. government. FIPS specifications require certain secure algorithms, cryptographic modules, and random number generation. Hybrid Data Pipeline uses the Bouncy Castle libraries to provide FIPS 140-2 compliant cryptography. Running Hybrid Data Pipeline in FIPS mode impacts the following server behaviors:

  • How pseudo-random number generation for cryptographic elements is secured
  • The modules used for generating encrypted data, including SSL
  • The handling of SSL certificates, including the generation of the Java truststore and keystore to be compatible with the Bouncy Castle libraries

Important:
  • If you connect to PostgreSQL data stores or use PostgreSQL as an external system database, note the following: when the Hybrid Data Pipeline Server is installed in FIPS mode and connects to a PostgreSQL 14 or later database using scram-sha-256 authentication, the administrator and user passwords must be greater than 112 bits in length (equivalent to 14 UTF-8 Latin block characters). If this requirement is not met, the product will time out or return the error org.bouncycastle.crypto.fips.FipsUnapprovedOperationError: password must be at least 112 bits.
  • FIPS is not supported for the On-Premises Connector.