FIPS mode algorithm decryption?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

FIPS mode algorithm decryption?

L3 Networker

The FIPS Mode notes state:

"Non-FIPS approved algorithms are not decrypted and are thus ignored during decryption"

Can someone clearify what exactly this applies to, and what is not decrypted?

4 REPLIES 4

L4 Transporter

For the SSL Decryption feature, in FIPS mode, we support the following cipher suites only:

RSA_ AES_256_CBC_SHA

RSA_AES_128_CBC_SHA

RSA_3DES_EDE_CBC_SHA

For normal mode, we support the above suites plus:

RSA_RC4_128_MD5

RSA_RC4_128_SHA

From what i'm reading FIPS mode specifically disables a number of less secure algorithms from even being used.

So therefor to me its logical the system wont decrypt something that I haven't even had enabled, or configured within the box.

Is the statement about non-decryption of algorithms therefor a redundant one, or referring to something else ( that's what I'm trying to confirm )

Palo Alto Networks Guru

Hi KatanaNZ,

For SSL decryption of host traffic, the firewall will proxy the SSL connection between the host and the server.  This comment is just a notification that the list of algorithms that can be negotiated between the firewall and the server will be limited further in FIPS mode.

Thanks,

Nick

Ok, thanks for that Nick

  • 3156 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!