topic Re: FIPS mode algorithm decryption? in General Topics

FIPS mode algorithm decryption?

KatanaNZ — Thu, 11 Aug 2011 07:12:43 GMT

The FIPS Mode notes state:

"Non-FIPS approved algorithms are not decrypted and are thus ignored during decryption"

Can someone clearify what exactly this applies to, and what is not decrypted?

Re: FIPS mode algorithm decryption?

SRA — Tue, 16 Aug 2011 00:28:32 GMT

For the SSL Decryption feature, in FIPS mode, we support the following cipher suites only:

RSA_ AES_256_CBC_SHA

RSA_AES_128_CBC_SHA

RSA_3DES_EDE_CBC_SHA

For normal mode, we support the above suites plus:

RSA_RC4_128_MD5

RSA_RC4_128_SHA

Re: FIPS mode algorithm decryption?

KatanaNZ — Tue, 16 Aug 2011 01:30:36 GMT

From what i'm reading FIPS mode specifically disables a number of less secure algorithms from even being used.

So therefor to me its logical the system wont decrypt something that I haven't even had enabled, or configured within the box.

Is the statement about non-decryption of algorithms therefor a redundant one, or referring to something else ( that's what I'm trying to confirm )

Re: FIPS mode algorithm decryption?

ncampagna — Wed, 17 Aug 2011 00:24:28 GMT

Hi KatanaNZ,

For SSL decryption of host traffic, the firewall will proxy the SSL connection between the host and the server. This comment is just a notification that the list of algorithms that can be negotiated between the firewall and the server will be limited further in FIPS mode.

Thanks,

Nick

Re: FIPS mode algorithm decryption?

KatanaNZ — Wed, 17 Aug 2011 01:14:17 GMT

Ok, thanks for that Nick