1. In our application for tls handshake, we are using tomcat 10.1.44 server along with JDK 17.0.3+7.

In our application, we observed that in non fips mode using tls1.2/ tls1.3 protocol, session tickets were sent, but not in fips mode where we are using bcfips-2.0.1 , bctls-fips-2.0.20, bcutil-fips-2.0.3 and bcpkix-fips-2.0.8 jars.

Is it expected behavior? Didn't find any supporting statements saying that in fips mode session tickets are not sent for any reasons.

2. In non fips there is this property javax.net.debug in jvm.properties which would give us details on the handshake in catalina.out file , but in fips this property is not working. we tried some other ones from online related to BCJSSE which didn't work (very few details observed).

To enable fips we are setting bcfips, bcjsse providers as 1st and 2nd priority in java.security file.

Please let me know if any other details are required.

Your response will help us in narrowing down the issue and work on the actual ones.