To configure Rational DOORS Web Access to comply with SP 800-131A, you modify the Apache Tomcat server configuration values to reject requests with certificates that do not meet the minimum required encryption strengths. You must use a security provider that complies with FIPS 140-2 and configure its system properties to run in SP 800-131A mode. That configuration ensures that you are using the proper protocol and cipher suites.
For strict compliance, key strength and signature algorithms are also verified. Strict compliance allows only the TLS 1.2 protocol. You must ensure that the certificates, keys, and secure random number generator, if specified, comply with SP 800-131A.
When Rational DOORS Web Access is enabled to support SP 800-131A in strict mode, all remote services must also be configured to support SP 800-131A strict mode. If a remote service does not support the minimum requirements for SP 800-131A strict mode, then any request to that service fails.
Ensure that digital signatures are a minimum of SHA2 and 2048 bits.
Update client browsers to versions that support the minimum TLS version. The minimum TLS version is determined by the value of the sslProtocol property in the server.xml file.
Ensure that client and server certificates, including root and intermediate certificates, are at least 112 bits and are signed properly, as defined in this procedure. Check keys in keystores and trusted certificates in trust stores.
See Configuring compliance for NIST SP 800-131A in the Rational DOORS database server and client.
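To confirm that the sslProtocol value in server.xml matches strict mode on every TLS connector, a check such as the following can be run against the file. This is an added example, not IBM-supplied code: the sample server.xml is constructed, the function names are hypothetical, and the allow-list assumes the standard JSSE protocol name `TLSv1.2` for strict mode.

```python
import xml.etree.ElementTree as ET

# Assumption: strict mode accepts only the standard JSSE name "TLSv1.2";
# adjust the set if your FIPS 140-2 security provider uses another name.
STRICT_PROTOCOLS = {"TLSv1.2"}

# Constructed sample, not a real Rational DOORS Web Access server.xml.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
               sslProtocol="TLSv1.2"/>
    <Connector port="9443" SSLEnabled="true" scheme="https" secure="true"
               sslProtocol="TLS"/>
    <Connector port="9444" SSLEnabled="true" scheme="https" secure="true"/>
  </Service>
</Server>"""


def audit_connectors(server_xml_text):
    """Return a (port, status, detail) tuple for every Connector element."""
    root = ET.fromstring(server_xml_text)
    findings = []
    for conn in root.iter("Connector"):
        port = conn.get("port", "?")
        if conn.get("SSLEnabled", "false").lower() != "true":
            findings.append((port, "PLAINTEXT", "connector does not use TLS"))
            continue
        proto = conn.get("sslProtocol")
        if proto is None:
            # No explicit value: the server default applies, so nothing is pinned.
            findings.append((port, "FAIL", "sslProtocol is not set"))
        elif proto in STRICT_PROTOCOLS:
            findings.append((port, "OK", "sslProtocol=" + proto))
        else:
            findings.append((port, "FAIL", "sslProtocol=" + proto + " is not in the strict allow-list"))
    return findings


def is_strict_compliant(server_xml_text):
    """True only if at least one TLS connector exists and all of them pass."""
    tls = [f for f in audit_connectors(server_xml_text) if f[1] != "PLAINTEXT"]
    return bool(tls) and all(status == "OK" for _, status, _ in tls)


if __name__ == "__main__":
    for port, status, detail in audit_connectors(SAMPLE_SERVER_XML):
        print(f"{status:9} port {port}: {detail}")
```

The check covers the protocol setting only; certificate key strength and signature algorithms in the keystores and trust stores still need to be verified separately.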