For information about Globalscape, visit www.globalscape.com.
The Federal Information Processing Standard (FIPS) Publication 140-2 specifies the security requirements of cryptographic modules used to protect sensitive information. When the EFT service is started, if FIPS is enabled, a message displays which protocols are in use and which of the protocols in use are FIPS certified. When you enable FIPS, the ciphers, key lengths/types, and hash lengths/types that are not FIPS-approved are not available, and an initialization routine executes a series of startup tests that set the cryptographic module into a FIPS-approved operational state. (Toggling FIPS mode requires that you restart the EFT service.)
If a FIPS-approved state cannot be achieved when FIPS is enabled, all Sites will stop, and an error message appears in the Windows Event Log and the EFT administration interface. After you dismiss the message, the EFT administration interface closes.
If the High Security module (HSM) is not licensed, when the HSM trial expires, EFT can no longer operate in FIPS mode.
You can enable FIPS mode for:
inbound SFTP (SSH2)
inbound HTTPs/FTPs (SSL)
outbound HTTPs/FTPs (SSL) through Event Rules (except when using AWE)
outbound client SFTP (SSH2) through Event Rules
FIPS mode does not apply to:
EFT administration interface connections
SSL-based COM API connections
AWE-based HTTPs/FTPs (SSL)
AWE-based SFTP (SSH2)
AS2 inbound nor outbound transactions; SSL connections for AS2 are through HTTPS sockets, so the AS2 transaction is over a FIPS tunnel; however, the encryption within the AS2 MIME payload, is not FIPS.