We are excited to announce the release of Oracle Jipher, a Java Cryptographic Service Provider that packages a Federal Information Processing Standards (FIPS) 140-2 validated OpenSSL cryptographic module. The Jipher provider makes the cryptographic services available for Java developers using the standard Java Cryptography Architecture (JCA) framework.

JDK Cryptographic Providers

The JDK includes several cryptographic service providers, such as Sun, SunRsaSign, and SunJCE, which provide concrete implementations of cryptographic algorithms as defined by the JCA framework. These providers allow Java applications to access security algorithm implementations either by specifying a particular provider, or by letting the framework automatically locate the requested algorithm by searching through the registered providers in their specified preference order.

FIPS 140

The Federal Information Processing Standards (FIPS) of the United States are a set of standards published by the National Institute of Standards and Technology (NIST). The FIPS 140 standards define the security requirements for cryptographic modules.

The cryptographic providers included in the Java platform are not FIPS 140-validated, so enterprises or government agencies mandated to deploy their applications in FIPS 140-regulated environments previously had to look for third-party providers. However, using third-party components can result in performance trade-offs and introduce additional complexities such as contracts, costs, and support negotiations. 

Oracle Jipher

Oracle Jipher is a Java Cryptographic Service Provider that enables deployments of Java applications in FIPS 140-regulated environments. Jipher achieves this by leveraging the OpenSSL 3.x FIPS module.

Jipher is packaged as a JAR file and is available for download from Java Tools and Resources, and from MOS for Java SE users. It requires an up-to-date release of Oracle JDK 17 or 21, or GraalVM for JDK 17 or 21 and will be supported on those releases, at least until the end of Oracle JDK 17 premier support (September 2026). Jipher is made available under the Java SE OTN license. It is supported for Java SE Subscribers, and users running Java workloads in Oracle Cloud Infrastructure (OCI). For other uses, please see the Java SE Licensing FAQ.

We welcome your feedback

Oracle Jipher represents a significant advancement in our ongoing commitment to delivering robust and standards-compliant security solutions, but our work is never done. We’re already laying the groundwork for a post-quantum cryptographic future. In JDK 24, we delivered two post-quantum algorithm implementations standardized by FIPS 203 and 204, helping Java users remain ahead of the curve and protected against emerging threats. We’d love to hear from you – please share your thoughts and feedback on our cryptographic efforts, including Jipher. Be sure to check out our Java Cryptography Roadmap to learn more about our plans.

Additional Information