How can one programmatically check if FIPS is enabled?


How can one programmatically check if FIPS (Federal Information Processing Standard: Publication 140-2) is enabled, for example the Bouncy Castle implementation? 



Please NOTE: the following source is provided as-is and is not supported by Azul.


(a) To verify from a Linux command-line that Java was started with FIPS enabled, you could run the following command:

ps -ef | grep "" | tail -1 | grep "$JAVA_HOME/jre/lib/security/"



(b) Alternatively, the following Java code snippet can be used to test if FIPS is enabled:

    if (org.bouncycastle.crypto.fips.FipsStatus.isReady()) { random = new;
      if (random.getProvider().getName().equals("BCFIPS")) {
        System.out.println("FIPS mode ready and active");
      } else {
        System.out.println("FIPS mode ready but disabled");
    } else {
      System.out.println("FIPS not ready");



(c) Finally, if you need a "negative" test (e.g. throw an exception if FIPS is enabled), the attached "" can be used as follows:


1.)  Please replace your $JAVA_HOME/jre/lib/security/ configuration file with the attached "" file.  This is only necessary in zulu released prior to April 2021.

2.)  Compile "" with a JVM that includes Bouncy Castle.  For example:

$ export JAVA_HOME=/home/java/fips-jdk8-1.8.0_282-tdc1.x86_64
$ $JAVA_HOME/bin/javac

  (a) To test regular (non-FIPS) mode, do as follows:

$ $JAVA_HOME/bin/java fipstest
Regular mode

  (b) To test FIPS mode, do as follows:

$ $JAVA_HOME/bin/java$JAVA_HOME/jre/lib/security/ -Dorg.bouncycastle.fips.approved_only=true fipstest 
Exception in thread "main" java.lang.RuntimeException: FIPS mode enabled
              at fipstest.main(


Add Comment



Article is closed for comments.

Was this article helpful?
0 out of 0 found this helpful