FIPS mode is included in the Advanced Security module in EFT Enterprise. In EFT Express, FIPS mode requires the Express Security module. If the module is not licensed, then when the trial expires, EFT can no longer operate in FIPS mode. If the module has expired when you attempt to start a Site on a Server that has FIPS mode enabled, an error message appears in the administration interface, and an error message is sent to the Event Log.
The Federal Information Processing Standard (FIPS) Publication 140-2 specifies the security requirements of cryptographic modules used to protect sensitive information. When the EFT service is started, if FIPS is enabled, a message displays which protocols are in use and which of the protocols in use are FIPS certified. When you enable FIPS, the ciphers, key lengths/types, and hash lengths/types that are not FIPS-approved are not available, and an initialization routine executes a series of startup tests that set the cryptographic module into a FIPS-approved operational state.
After you enable or disable FIPS mode, you must restart the EFT server service.
If a FIPS-approved state cannot be achieved when FIPS is enabled, all Sites will stop, and an error message appears in the Windows Event Log and the EFT administration interface. After you dismiss the message, the EFT administration interface closes.
You can enable FIPS mode for:
inbound SFTP (SSH2)
inbound HTTPs/FTPs (SSL)
outbound HTTPs/FTPs (SSL) through Event Rules (except when using AWE)
outbound client SFTP (SSH2) through Event Rules
FIPS mode does not apply to:
EFT administration interface connections
SSL-based COM API connections
AWE-based HTTPs/FTPs (SSL)
AWE-based SFTP (SSH2)
AS2 inbound nor outbound transactions; SSL connections for AS2 are through HTTPS sockets, so the AS2 transaction is over a FIPS tunnel; however, the encryption within the AS2 MIME payload, is not FIPS.