McDewey

Multi-vendor documentation library · semantic search · MCP endpoint at /mcp

Page 161

↗ View in doc context
page
161
source
cucm/v15/jtapi-dev-guide/jtapi-dev-guide.md
chunk_id
cucm::v15::jtapi-dev-guide::jtapi-dev-guide::125

From Release 15SU2 onwards, the BCFIPS libraries are: • bc-fips.jar (version 2.0.0) • bctls-fips.jar (version 2.0.19) • bcpkix-fips.jar (version 2.0.6) • bcutil-fips.jar (version 2.0.1) If you're upgrading the BCFIPS jars in your runtime environment to the latest supported (2.x as aforementioned) and an application is using an older jtapi.jar (earlier than 15SU2), while setting up the application environment, you must explicitly set "org.bouncycastle.jsse.fips.allowRSAKeyExchange" to True as a runtime system property to ensure that CAPF operation succeeds. Note These libraries contain special implementations of several key cryptographic functions that replace the older implementation in jtapi.jar. If your application contains a lib folder where third-party libraries are stored, the classpath looks as follows: • For the JTAPI plugin using RSA libraries (refer above for library usage information as per the Unified Communications Manager release): ./libs/jcmFIPS.jar;./libs/cryptojcommon.jar;./libs/cryptojce.jar;./libs/sslj.jar;./libs/jtapi.jar • For the JTAPI plugin using CiscoJ libraries (refer above for library usage information as per the Unified Communications Manager release): ./libs/CiscoJCEProvider.jar;./libs/CiscoJUtils.jar;./libs/CiscoJCEJNI.so;./libs/libssl.so; ./libs/libssl.so.1.0.1;./libs/log4j-1.2.17.jar;./libs/libciscosafec.so;./libs/libciscosafec.so.4; ./libs/libciscosafec.so.4.0.1;./libs/libcrypto.so;./libs/libcrypto.so.1.0.1; ./libs/slf4j-api-1.7.24.jar;./libs/slf4j-log4j12-1.7.24.jar;./libs/slf4j-simple-1.7.24.jar; ./libs/bcpkix-jdk15on.jar;./libs/bcprov-jdk15on.jar;./libs/jtapi.jar • For the JTAPI plugin using BCFIPS libraries (refer above for library usage information as per the Unified Communications Manager release): ./libs/bc-fips.jar;./libs/bcpkix-fips.jar;./libs/bctls-fips.jar;./libs/jtapi.jar Even with the classpath set this way, the JTAPI security code works the same way it does now unless the application specifically requests to run in FIPS mode. To request that JTAPI run in a FIPS-compliant mode, applications must use some of the new methods that are introduced as part of this feature development and specify the new “fipsCompliant” parameter as True. For more information, see the following “Interface Changes” section. Interface Changes CiscoJtapiPeerImpl, on page 434, CiscoProvider, on page 492, and CiscoJtapiProperties, on page 435 Message Sequences No impact. Cisco Unified JTAPI Developers Guide for Cisco Unified Communications Manager, Release 15 and SUs 97 Features Supported by Cisco Unified JTAPI FIPS Compliance