Oracle has introduced Oracle Jipher, a new cryptographic service provider designed to enhance Java security by integrating a FIPS 140-2 validated OpenSSL cryptographic module. This development aims to provide Java developers with access to high-assurance cryptographic services through the familiar Java Cryptography Architecture (JCA) framework. Released on April 29, Jipher is available as a JAR file downloadable from Java Tools and Resources and My Oracle Support for Java SE users.
Traditionally, the Java Development Kit (JDK) includes providers such as Sun, SunRsaSign, and SunJC, which implement various cryptographic algorithms as defined by the JCA framework. While these providers enable Java applications to leverage cryptographic functions, they do not meet FIPS 140-2 validation standards, which are crucial for compliance in regulated environments. The National Institute of Standards and Technology (NIST) publishes FIPS 140 standards to define the security requirements necessary for cryptographic modules, making them essential for sensitive or government-related applications.
Oracle Jipher fills this critical gap by enabling Java applications to operate within FIPS 140-regulated environments. It accomplishes this by leveraging the OpenSSL 3.x FIPS module, which brings robust cryptographic compliance to the Java ecosystem. However, to use Jipher, developers must be running an up-to-date Oracle JDK 17 or JDK 21 release, or the corresponding versions of GraalVM. This module is offered under the Java SE OTN license and is supported for Java SE subscribers as well as users running workloads on Oracle Cloud Infrastructure.
This release marks an important milestone in Oracle’s ongoing efforts to enhance security standards for Java users. Earlier this year, with the launch of JDK 24, Oracle also incorporated post-quantum cryptographic algorithms standardized by FIPS 203 and FIPS 204, addressing the looming threat posed by quantum computing to classical cryptography. Oracle Jipher now complements these efforts by delivering a FIPS-validated cryptographic foundation that strengthens Java’s security posture across a wide range of enterprise and cloud environments.