Although FIPS mode removes most non-FIPS compliant algorithms from the JCA security providers list, a small subset of non-FIPS
algorithms remain. In some cases, this is for compatibility with older systems (for example, to decrypt old BOG files). In
other cases, Java needs specific non-FIPS-compliant algorithms, for example to load and verify security providers.
These algorithms remain available, but should be used only to upgrade an older system that uses non-FIPS algorithms.
Signatures
For example, you can decrypt using the Blowfish cipher, but you cannot encrypt with it.