The Federal Information Processing Standard (FIPS) Publication 140-2 specifies the security requirements of cryptographic modules used to protect sensitive information. When the EFT Server service is started, if FIPS is enabled, a message displays which protocols are in use and which of the protocols in use are FIPS compliant. When you enable FIPS, the ciphers, key lengths/types, and hash lengths/types that are not FIPS-approved are not available, and an initialization routine executes a series of startup tests that set the cryptographic module into a FIPS-approved operational state. (Toggling FIPS mode requires that you restart the EFT Server service.)
If a FIPS-approved state cannot be achieved when FIPS is enabled, all Sites will stop, and an error message appears in the Windows Event Log and the EFT Server Administrator interface. After you dismiss the message, the EFT Server Administrator interface closes.
If the HS module is not licensed, when the HS module trial expires, EFT Server can no longer operate in FIPS mode.
You can enable FIPS mode for:
inbound SFTP (SSH2)
inbound HTTPs/FTPs (SSL)
outbound HTTPs/FTPs (SSL) through Event Rules (except when using AWE).
FIPS mode does not apply to:
AWE-based HTTPs/FTPs (SSL)
AWE-based SFTP (SSH2)
AS2 inbound nor outbound transactions
EFT Server supports operation with the FIPS 140-2 Validated GlobalSCAPE Cryptographic Module (GSCM) for SSL/TLS and certificate generation. FIPS 140-2 validated GlobalSCAPE Cryptographic Module (GSCM) is based on the openssl-fips-1.1.1 FIPS source and the openssl-0.9.7m project. If FIPS is not enabled, the non-FIPS SSL version of OpenSSL 0.9.8h is used.
For more information about certification of the GlobalSCAPE Cryptographic Module (GSCM), refer to the Module Validation List on the National Institute of Standard and Technology (NIST) Website at http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#908. The GSCM’s certificate number is 908.
Certificates created in prior versions of the EFT Server or Secure FTP Server (imported certificates that were signed using non-FIPS compliant algorithms) will not work in EFT Server version 6 when using FIPS mode. (Certificates must use SHA-1.) For details of converting certificates prior to importing them into EFT Server, refer to Using OpenSSL to Generate/Convert Keys and Certificates.
EFT Server uses one of the following three cipher combinations during SSL/TLS negotiation:
TLS 1.0 RSA Key Exchange, RSA Authentication, 256 bit AES encryption, and SHA1 HMAC
TLS 1.0 RSA Key Exchange, RSA Authentication, 168 bit 3DES encryption, and SHA1 HMAC
TLS 1.0 RSA Key Exchange, RSA Authentication, 128 bit AES encryption, and SHA1 HMAC
The use of the SHA1 HMAC is TLS 1.0 specific. By limiting the algorithms, we force use of TLS 1.0 in EFT Server. For more info on why FIPS requires TLS 1.0, refer to the following link:
The order of preference, as listed above, is provided by EFT Server to the SSL client (e.g., the Administrator interface or CuteFTP). During SSL negotiation, the SSL client is allowed to select its preferred combination from this list. By default, the SSL client typically picks the highest common denominator. EFT Server allows only these three cipher combinations; the algorithms cannot be NULL. FIPS certifies both DSA and RSA for digital signature generation and verification, but only allows RSA for key wrapping. Since SSL requires key wrapping, when EFT Server is in FIPS mode, only RSA can be used. Per FIPS requirements for RSA key wrapping, EFT Server enforces a minimum key length of 1024 bits and a maximum key length of 4096 bits.
If EFT Server requires SSL certificates from connected clients, those certificates must also use SHA-1.
EFT Server uses the FIPS-certified version of Crypto++ for inbound and outbound SFTP (SSH) connections.
When the EFT Server service is started, if FIPS is enabled, a message displays the protocols in use and which of the protocols in use are FIPS compliant. When you enable FIPS, the ciphers, key, and hash lengths/types that are not FIPS-approved are not available. If a FIPS-approved state cannot be achieved when FIPS is enabled, all Sites will stop, and an error is written to the Windows Event Log.
SSH2 uses the following ciphers:
3DES, AES128, and AES256-cbc for symmetric encryption
hmac-sha1 for message authentication
DSA (1024 bits only) or RSA (1024, 2048, and 4096)