Questions tagged [fips-140-2]
A Federal Information Processing Standard (FIPS) is a publicly announced standardization developed by the United States federal government for use in computer systems by all non-military government agencies and by government contractors, when properly invoked and tailored on a contract.
25
questions
5
votes
2
answers
3k
views
SSL/TLS Cipher Priority
I am working on trying to make sense of what is required for both PCI DSS compliance as well as FIPS compliance in relation to SSL/TLS cipher suites. I have been reading the guide here and here. ...
4
votes
1
answer
987
views
FIPS "single-user mode" requirement in Microsoft Windows
In many FIPS 140-2 certificates, Windows must be placed into FIPS 140 mode as well as run in "single user mode". I am familiar with the local/group policy objects to enable FIPS mode. However, "...
3
votes
3
answers
7k
views
Configuring IIS 7.5 to be FIPS 140.2 compliant
I need to configure IIS 7.5 (Server 2008 R2) to be FIPS 140.2 compliant.
Specifically, this involves disabling all SSL protocols other than TLS 1.0.
I have set the following registry keys:
HKLM\...
2
votes
2
answers
6k
views
Test FIPS Enabled
I'm trying to test to see if FIPS-140-2 is correctly enabled with Windows Server 2016. Is there a Powershell command I could run to check if the feature is properly enabled, and not just set in the ...
2
votes
0
answers
1k
views
Is it possible to enable FIPS on Debian 8?
Is it possible to enable FIPS on Debian 8?
After googling extensively I could not any reference on how to enable FIPS in Debian 8, which leads me to believe it is not possible.
2
votes
1
answer
4k
views
Bitlocker data drive opens as read only -
I have a virtualized Windows Server 2012R2 running on ESXi 6.0 There are 2 virtual disks in this system, an unencrypted C drive for the OS and a Bitlocker encrypted D drive for data sharing. Bitlocker ...
2
votes
1
answer
634
views
How can I get Mac RDC client to connect to W2K3 after enabling FIPS support?
Recently we enabled FIPS 140-2 Encryption Algorithms on our W2K3 server per http://chadamberg.com/drupal/IISCryptography and now my Mac RDP 2.1.1 client won't connect. I get:
"Remote Desktop ...
1
vote
2
answers
667
views
Hardware Security Module (HSM) [closed]
Looking to purchase an HSM to manage private keys, and price/scalability-price is one of my main concerns. It does need to be FIPS 140-2, level 3 certified (or compliant at least) and it must be ...
1
vote
1
answer
1k
views
Run FreeRADIUS on FIPS enabled Redhat server?
I'm attempting to install a FreeRADIUS server on a RHEL 6.9 VM. This VM is operating in FIPS mode. I'm running into the problem described in a Red Hat bug report found here.
According to that bug ...
1
vote
1
answer
558
views
After enabling fips sudo stops working
On a rhel6 system I enabled fips using this guide:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/sect-Security_Guide-Federal_Standards_And_Regulations-...
1
vote
1
answer
534
views
Can I configure Wndows NDES server to use Triple DES (3DES) algorithm for PKCS#7 answer encryption?
I am running SCEP client to enroll certificates on NDES server. If OpenSSL is not in FIPS mode - everything works fine.
In FIPS mode i get the following error:
pkcs7_unwrap():pkcs7.c:708] error ...
1
vote
0
answers
983
views
Problems with FIPS Mode in Adobe Acrobat Pro 2020 and Adobe Reader DC
Security requirements are such that we need to set this key depending on software:
HKCU\Software\Adobe\Adobe Acrobat\2020\AVGeneral\bFIPSMode (DWORD = 1)
KHCU\Software\Adobe\Acrobat Reader\DC\...
1
vote
0
answers
184
views
Resolving FIPS Compliance Issues with Oracle 11g
Problem
I am working with Oracle DB 11g (11.2.0.4.0 - 64bit), Jenkins, Windows PowerShell plugin, and VsTestRunner plugin to automate running unit tests. While setting this up I stumbled upon a huge ...
0
votes
5
answers
14k
views
Configuring IIS7 for TLS 1.0 only
I have been tasked with configuring an IIS7 server to accept TLS 1.0 HTTPS connections only.
I have come up with the following list of cipher suites which I have deduced are TLS 1.0.
...
0
votes
1
answer
4k
views
Build OpenSSL 1.1.1q with FIPS in RHEL 8
Is it possible to build OpenSSL 1.1.1q with Fips support in RHEL 8? In RHEL 8.6, the supported version is OpenSSL 1.1.1k FIPS. But I want to upgrade this OpenSSL to the latest.
Thank you in advance.
0
votes
1
answer
767
views
RHEL6 - Fips140-2 - Apache fails when trying to start with SSLFIPS on directive
Hello server warriors!
I have a situation where I need to make my RHEL6 system FIPS140-2 compliant...which includes apache and mod_ssl. However, after I make the server run in "fips 140 mode" Apache ...
0
votes
1
answer
2k
views
FIPS 140-2 on Windows 2012R2 with SQL 2014
I'm attempting to set my Microsoft SQL 2014 instance to use FIPS 140-2 complaint encryption as described in this KB article for SQL 2012, but it does not appear to be working. I do not see "FIPS" ...
0
votes
0
answers
69
views
Enabling FIPS mode in MySQL Server 8.036+ on Windows
I'd like to enable the FIPS mode of my MySQL 8.0.36 community server instance running on Windows. I know the ssl_fips_mode option has been deprecated as of MySQL 8.0.34 but it should still work in ...
0
votes
0
answers
231
views
Windows Server 2022 does not enable BrainpoolP256r1 ECC curve
I want to enable the ECC curve BrainpoolP256r1 on a Windows Server 2022.
expected bahavior
brainpool curve is added with enable command:
PS C:\> Get-TlsEccCurve
curve25519
NistP256
NistP384
PS C:\&...
0
votes
1
answer
2k
views
OpenSSL 3.0 generating p12 certificate issue with FIPS
I am running the OpenSSL command to generate bundle.p12 with -legacy option. RHEL 9 FIPS Enabled setup.
openssl pkcs12 -export -legacy -in cacert.pem -inkey cakey.pem -out bundle.p12
Error creating ...
0
votes
1
answer
887
views
Docker container CMAKE gives crypto/fips/fips.c:153: OpenSSL internal error: FATAL FIPS SELFTEST FAILURE - dracut-fips crypto.fips_enabled = 1
Getting crypto/fips/fips.c:153: OpenSSL internal error: FATAL FIPS SELFTEST FAILURE when
dracut-fips package is installed and sysctl -a shows crypto.fips_enabled = 1
Restriction: Can not disable ...
0
votes
2
answers
467
views
Group Policy Preferences item-level targeting propagation
I'm using GPPs to deliver some registry values and grabbed these using the Registry Wizard tool. This has created a collection with folder structure underneath. I want to use Item-level targeting to ...
0
votes
1
answer
1k
views
RHEL 8 Ansible playbooks not working with FIPS enabled
I have two sets of Linux VMs in a GCP (Google cloud) environment: Debian9 and RHEL8. The RHEL8 environment is FIPS-140 enabled, due to security/compliance requirements. None of our Ansible playbooks ...
-3
votes
1
answer
2k
views
Enable FIPS mode in Cisco 2911 router [closed]
Dear Michael,
I wish to know how to enable FIPS mode in Cisco 2911 router with Firmware version 15.1(4)M4?
Thanks in advance for the reply.
-5
votes
1
answer
202
views
Requirements for hosting a FIPS 140-2 level 1 application [closed]
I am making an application that needs to be FIPS 140-2 level 1 compliant (not certified).
I was wondering if there were any special requirements for the host we chose for our app server/crypto-module....