Enabling FIPS Mode
SSH Tectia Server can be operated in FIPS mode, using a version of the cryptographic library that has been certified according to the Federal Information Processing Standard (FIPS). In this mode the cryptographic operations are performed according to the rules of the FIPS 140-2 certification standard.
The software uses standard libraries by default - the FIPS 140-2 certified libraries are available separately. If the FIPS-certified cryptographic library has been enabled, SSH Tectia Server will detect and use it automatically.
For a list of platforms on which the FIPS library has been validated or tested, see SSH Tectia Client/Server Product Description.
You can check the library you have by running the following command with no arguments:
You can enable the
fips mode (or the
std mode) by giving the mode as argument:
# /usr/local/sbin/ssh-crypto-library-chooser fips
Specifying an invalid mode (for example,
fips for platforms that do not have it) returns
1 and prints an error message.