Skip to main content

Questions tagged [fips-140-2]

A Federal Information Processing Standard (FIPS) is a publicly announced standardization developed by the United States federal government for use in computer systems by all non-military government agencies and by government contractors, when properly invoked and tailored on a contract.

Filter by
Sorted by
Tagged with
5 votes
2 answers
3k views

SSL/TLS Cipher Priority

I am working on trying to make sense of what is required for both PCI DSS compliance as well as FIPS compliance in relation to SSL/TLS cipher suites. I have been reading the guide here and here. ...
John's user avatar
  • 2,276
4 votes
1 answer
987 views

FIPS "single-user mode" requirement in Microsoft Windows

In many FIPS 140-2 certificates, Windows must be placed into FIPS 140 mode as well as run in "single user mode". I am familiar with the local/group policy objects to enable FIPS mode. However, "...
logicalscope's user avatar
3 votes
3 answers
7k views

Configuring IIS 7.5 to be FIPS 140.2 compliant

I need to configure IIS 7.5 (Server 2008 R2) to be FIPS 140.2 compliant. Specifically, this involves disabling all SSL protocols other than TLS 1.0. I have set the following registry keys: HKLM\...
tomfanning's user avatar
  • 3,388
2 votes
2 answers
6k views

Test FIPS Enabled

I'm trying to test to see if FIPS-140-2 is correctly enabled with Windows Server 2016. Is there a Powershell command I could run to check if the feature is properly enabled, and not just set in the ...
HyTC's user avatar
  • 23
2 votes
0 answers
1k views

Is it possible to enable FIPS on Debian 8?

Is it possible to enable FIPS on Debian 8? After googling extensively I could not any reference on how to enable FIPS in Debian 8, which leads me to believe it is not possible.
nfryas's user avatar
  • 21
2 votes
1 answer
4k views

Bitlocker data drive opens as read only -

I have a virtualized Windows Server 2012R2 running on ESXi 6.0 There are 2 virtual disks in this system, an unencrypted C drive for the OS and a Bitlocker encrypted D drive for data sharing. Bitlocker ...
user323936's user avatar
2 votes
1 answer
634 views

How can I get Mac RDC client to connect to W2K3 after enabling FIPS support?

Recently we enabled FIPS 140-2 Encryption Algorithms on our W2K3 server per http://chadamberg.com/drupal/IISCryptography and now my Mac RDP 2.1.1 client won't connect. I get: "Remote Desktop ...
William Jens's user avatar
1 vote
2 answers
667 views

Hardware Security Module (HSM) [closed]

Looking to purchase an HSM to manage private keys, and price/scalability-price is one of my main concerns. It does need to be FIPS 140-2, level 3 certified (or compliant at least) and it must be ...
ActiveX's user avatar
  • 27
1 vote
1 answer
1k views

Run FreeRADIUS on FIPS enabled Redhat server?

I'm attempting to install a FreeRADIUS server on a RHEL 6.9 VM. This VM is operating in FIPS mode. I'm running into the problem described in a Red Hat bug report found here. According to that bug ...
dutsnekcirf's user avatar
1 vote
1 answer
558 views

After enabling fips sudo stops working

On a rhel6 system I enabled fips using this guide: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/sect-Security_Guide-Federal_Standards_And_Regulations-...
aseq's user avatar
  • 4,680
1 vote
1 answer
534 views

Can I configure Wndows NDES server to use Triple DES (3DES) algorithm for PKCS#7 answer encryption?

I am running SCEP client to enroll certificates on NDES server. If OpenSSL is not in FIPS mode - everything works fine. In FIPS mode i get the following error: pkcs7_unwrap():pkcs7.c:708] error ...
O.Shevchenko's user avatar
1 vote
0 answers
983 views

Problems with FIPS Mode in Adobe Acrobat Pro 2020 and Adobe Reader DC

Security requirements are such that we need to set this key depending on software: HKCU\Software\Adobe\Adobe Acrobat\2020\AVGeneral\bFIPSMode (DWORD = 1) KHCU\Software\Adobe\Acrobat Reader\DC\...
The ITea Guy's user avatar
1 vote
0 answers
184 views

Resolving FIPS Compliance Issues with Oracle 11g

Problem I am working with Oracle DB 11g (11.2.0.4.0 - 64bit), Jenkins, Windows PowerShell plugin, and VsTestRunner plugin to automate running unit tests. While setting this up I stumbled upon a huge ...
Brandon's user avatar
  • 111
0 votes
5 answers
14k views

Configuring IIS7 for TLS 1.0 only

I have been tasked with configuring an IIS7 server to accept TLS 1.0 HTTPS connections only. I have come up with the following list of cipher suites which I have deduced are TLS 1.0. ...
tomfanning's user avatar
  • 3,388
0 votes
1 answer
4k views

Build OpenSSL 1.1.1q with FIPS in RHEL 8

Is it possible to build OpenSSL 1.1.1q with Fips support in RHEL 8? In RHEL 8.6, the supported version is OpenSSL 1.1.1k FIPS. But I want to upgrade this OpenSSL to the latest. Thank you in advance.
user1631072's user avatar
0 votes
1 answer
767 views

RHEL6 - Fips140-2 - Apache fails when trying to start with SSLFIPS on directive

Hello server warriors! I have a situation where I need to make my RHEL6 system FIPS140-2 compliant...which includes apache and mod_ssl. However, after I make the server run in "fips 140 mode" Apache ...
Mike Broyles's user avatar
0 votes
1 answer
2k views

FIPS 140-2 on Windows 2012R2 with SQL 2014

I'm attempting to set my Microsoft SQL 2014 instance to use FIPS 140-2 complaint encryption as described in this KB article for SQL 2012, but it does not appear to be working. I do not see "FIPS" ...
BrianCanFixIT's user avatar
0 votes
0 answers
69 views

Enabling FIPS mode in MySQL Server 8.036+ on Windows

I'd like to enable the FIPS mode of my MySQL 8.0.36 community server instance running on Windows. I know the ssl_fips_mode option has been deprecated as of MySQL 8.0.34 but it should still work in ...
uwe's user avatar
  • 1
0 votes
0 answers
231 views

Windows Server 2022 does not enable BrainpoolP256r1 ECC curve

I want to enable the ECC curve BrainpoolP256r1 on a Windows Server 2022. expected bahavior brainpool curve is added with enable command: PS C:\> Get-TlsEccCurve curve25519 NistP256 NistP384 PS C:\&...
fabsenet's user avatar
  • 101
0 votes
1 answer
2k views

OpenSSL 3.0 generating p12 certificate issue with FIPS

I am running the OpenSSL command to generate bundle.p12 with -legacy option. RHEL 9 FIPS Enabled setup. openssl pkcs12 -export -legacy -in cacert.pem -inkey cakey.pem -out bundle.p12 Error creating ...
user1631072's user avatar
0 votes
1 answer
887 views

Docker container CMAKE gives crypto/fips/fips.c:153: OpenSSL internal error: FATAL FIPS SELFTEST FAILURE - dracut-fips crypto.fips_enabled = 1

Getting crypto/fips/fips.c:153: OpenSSL internal error: FATAL FIPS SELFTEST FAILURE when dracut-fips package is installed and sysctl -a shows crypto.fips_enabled = 1 Restriction: Can not disable ...
AKS's user avatar
  • 115
0 votes
2 answers
467 views

Group Policy Preferences item-level targeting propagation

I'm using GPPs to deliver some registry values and grabbed these using the Registry Wizard tool. This has created a collection with folder structure underneath. I want to use Item-level targeting to ...
jshizzle's user avatar
  • 371
0 votes
1 answer
1k views

RHEL 8 Ansible playbooks not working with FIPS enabled

I have two sets of Linux VMs in a GCP (Google cloud) environment: Debian9 and RHEL8. The RHEL8 environment is FIPS-140 enabled, due to security/compliance requirements. None of our Ansible playbooks ...
Robert Campbell's user avatar
-3 votes
1 answer
2k views

Enable FIPS mode in Cisco 2911 router [closed]

Dear Michael, I wish to know how to enable FIPS mode in Cisco 2911 router with Firmware version 15.1(4)M4? Thanks in advance for the reply.
1909's user avatar
  • 1
-5 votes
1 answer
202 views

Requirements for hosting a FIPS 140-2 level 1 application [closed]

I am making an application that needs to be FIPS 140-2 level 1 compliant (not certified). I was wondering if there were any special requirements for the host we chose for our app server/crypto-module....
TheCatWhisperer's user avatar