08-11-2011 12:12 AM
The FIPS Mode notes state:
"Non-FIPS approved algorithms are not decrypted and are thus ignored during decryption"
Can someone clarify what exactly this applies to, and what is not decrypted?
08-15-2011 05:28 PM
For the SSL Decryption feature, in FIPS mode, we support the following cipher suites only:
RSA_AES_256_CBC_SHA
RSA_AES_128_CBC_SHA
RSA_3DES_EDE_CBC_SHA
For normal mode, we support the above suites plus:
RSA_RC4_128_MD5
RSA_RC4_128_SHA
08-15-2011 06:30 PM
From what I'm reading, FIPS mode specifically disables a number of less secure algorithms from even being used.
So therefore, to me, it's logical the system won't decrypt something that I haven't even had enabled or configured within the box.
Is the statement about non-decryption of algorithms therefore a redundant one, or referring to something else? (That's what I'm trying to confirm.)
08-16-2011 05:24 PM
Hi KatanaNZ,
For SSL decryption of host traffic, the firewall will proxy the SSL connection between the host and the server. This comment is just a notification that the list of algorithms that can be negotiated between the firewall and the server will be limited further in FIPS mode.
Thanks,
Nick
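A simplified model of the limit described in this thread, added here as an illustration and not taken from the firewall or from any poster: it parses a host's ClientHello `cipher_suites` vector, keeps only the suites on the list for the chosen mode, and shows what a server could then select. The IANA code points, the function names, the assumption that the proxy re-offers the host's suites filtered to the mode's list, and the sample offer are all assumptions made for this example.

```python
import struct

# IANA code points (TLS_RSA_WITH_* names) for the suites listed in the thread.
SUITES = {
    0x0035: "RSA_AES_256_CBC_SHA",
    0x002F: "RSA_AES_128_CBC_SHA",
    0x000A: "RSA_3DES_EDE_CBC_SHA",
    0x0004: "RSA_RC4_128_MD5",
    0x0005: "RSA_RC4_128_SHA",
}
FIPS_MODE = (0x0035, 0x002F, 0x000A)
NORMAL_MODE = FIPS_MODE + (0x0004, 0x0005)


def parse_cipher_suites(vector):
    """Parse a ClientHello cipher_suites vector: 2-byte length, then 2-byte IDs."""
    if len(vector) < 2:
        raise ValueError("truncated cipher_suites vector")
    (length,) = struct.unpack_from("!H", vector, 0)
    if length % 2 or length != len(vector) - 2:
        raise ValueError("length field does not match payload")
    return list(struct.unpack_from(f"!{length // 2}H", vector, 2))


def server_leg_offer(client_vector, fips):
    """Re-encode the host's offer, filtered to the mode's list (assumed model)."""
    allowed = FIPS_MODE if fips else NORMAL_MODE
    kept = [s for s in parse_cipher_suites(client_vector) if s in allowed]
    return struct.pack(f"!H{len(kept)}H", 2 * len(kept), *kept)


def negotiate(client_vector, server_preference, fips):
    """Return the suite a server would pick from the filtered offer, or None."""
    offer = parse_cipher_suites(server_leg_offer(client_vector, fips))
    for suite in server_preference:
        if suite in offer:
            return SUITES[suite]
    return None  # nothing on the mode's list is shared with the server


# Constructed sample: host offers one unlisted suite (0xC02F), RC4, AES-128, 3DES.
CLIENT_OFFER = struct.pack("!H4H", 8, 0xC02F, 0x0005, 0x002F, 0x000A)
RC4_ONLY_SERVER = [0x0005, 0x0004]   # constructed server preference lists
MIXED_SERVER = [0x0005, 0x002F]

if __name__ == "__main__":
    for name, prefs in (("rc4-only", RC4_ONLY_SERVER), ("mixed", MIXED_SERVER)):
        for fips in (False, True):
            print(name, "fips" if fips else "normal", negotiate(CLIENT_OFFER, prefs, fips))
```
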
08-16-2011 06:14 PM
Ok, thanks for that Nick