After you enable or disable FIPS mode, you must restart the EFT service.
To enable FIPS mode for SSL connections:

1. In the administration interface, connect to EFT and click the Server tab.
2. On the Server tab, click the Server node on which you want to enable FIPS mode.
3. In the right pane, click the Security tab.
4. In the Federal Information Processing Standards (FIPS) area, select the Use FIPS certified library for SSL connections check box.
5. Click Apply to save the changes on EFT.
6. Stop and then restart the EFT service. Review the Statistics area of EFT's General tab to verify that the service started.

If the HSM has expired when you attempt to start a Site on a Server that has FIPS mode enabled, an error message appears in the administration interface, and the Server sends an error message to the Event Log.
In Internet Explorer (IE) version 6, TLS mode must be enabled for SSL communications to work. (In Internet Explorer, click Tools > Internet Options. Click the Advanced tab. Scroll to the Security settings and select the Use TLS 1.0 check box. TLS is enabled by default starting in IE7.)
When the EFT Site is started with FIPS enabled, a message displays the protocols in use and indicates which of them are FIPS certified. When you enable FIPS, ciphers, key lengths/types, and hash lengths/types that are not FIPS-approved are not available. If a FIPS-approved state cannot be achieved when FIPS is enabled, all Sites will stop, and an error is written to the Windows Event Log.
Imported certificates that were signed using non-FIPS-certified algorithms will not work in EFT when using FIPS mode. For details of converting certificates prior to importing them into EFT, refer to Using OpenSSL to Generate/Convert Keys and Certificates.