FIPS-Compliant Libraries

The Federal Information Processing Standard (FIPS) Publication 140-2 specifies the security requirements of cryptographic modules used to protect sensitive information. When the EFT service is started, if FIPS is enabled, a message displays which protocols are in use and which of the protocols in use are FIPS compliant. When you enable FIPS, the ciphers, key lengths/types, and hash lengths/types that are not FIPS-approved are not available, and an initialization routine executes a series of startup tests that set the cryptographic module into a FIPS-approved operational state. (Toggling FIPS mode requires that you restart the EFT service.)

If a FIPS-approved state cannot be achieved when FIPS is enabled, all Sites will stop, and an error message appears in the Windows Event Log and the EFT administration interface. After you dismiss the message, the EFT administration interface closes.

If the High Security module (HSM) is not licensed, when the HSM trial expires, EFT can no longer operate in FIPS mode.

  • You can enable FIPS mode for:

    • inbound SFTP (SSH2)

    • inbound HTTPs/FTPs (SSL)

    • outbound HTTPs/FTPs (SSL) through Event Rules (except when using AWE)

    • outbound client SFTP (SSH2) through Event Rules (v6.1 and later)

  • FIPS mode does not apply to:

    • AWE-based HTTPs/FTPs (SSL)

    • AWE-based SFTP (SSH2)

    • AS2 inbound or outbound transactions

    • The SSL connections for AS2 are made over HTTPS sockets, so the AS2 transaction travels through a FIPS tunnel; however, the encryption within the AS2 MIME payload is not FIPS.

For FTPS/HTTPS (SSL) Connections

Imported certificates that were signed using non-FIPS-compliant algorithms will not work in EFT when FIPS mode is enabled. For details of converting certificates prior to importing them into EFT, refer to Using OpenSSL to Generate/Convert Keys and Certificates.
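A certificate's signature algorithm can be checked before it is imported, so that a FIPS-mode failure is caught ahead of time. The following is an added example, not part of the EFT documentation or product: a standard-library-only Python reader of the outer X.509 structure that extracts the signatureAlgorithm OID and looks it up in an approved-algorithm table. The table follows SP 800-131A (MD5 never approved, SHA-1 signing disallowed) and is an assumption about what a FIPS-validated module will accept; sample_cert builds constructed, certificate-shaped DER for offline testing, not a real certificate.

```python
import base64
# Signature-algorithm OIDs -> (name, FIPS-approved). Per SP 800-131A, MD5 was
# never approved and SHA-1 signature generation is disallowed (assumed policy).
SIG_ALGS = {
    "1.2.840.113549.1.1.4": ("md5WithRSAEncryption", False),
    "1.2.840.113549.1.1.5": ("sha1WithRSAEncryption", False),
    "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", True),
    "1.2.840.113549.1.1.12": ("sha384WithRSAEncryption", True),
    "1.2.840.10045.4.3.2": ("ecdsa-with-SHA256", True),
}

def _tlv(buf, pos):
    """Read one DER TLV at pos -> (tag, content bytes, position after it)."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long-form length: low bits give the number of length bytes
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def _oid(content):
    """Decode OBJECT IDENTIFIER content bytes to dotted form."""
    arcs, acc = [content[0] // 40, content[0] % 40], 0
    for b in content[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def pem_to_der(pem):
    """Strip the PEM armour lines and base64-decode the certificate body."""
    return base64.b64decode("".join(ln for ln in pem.splitlines() if "-----" not in ln))

def signature_algorithm(der):
    """(oid, name, fips_approved) from Certificate.signatureAlgorithm; unknown OIDs -> not approved."""
    _, cert, _ = _tlv(der, 0)      # Certificate ::= SEQUENCE {
    _, _, pos = _tlv(cert, 0)      #   tbsCertificate (skipped here),
    _, alg, _ = _tlv(cert, pos)    #   signatureAlgorithm SEQUENCE { OID, params }, ...
    tag, oid_bytes, _ = _tlv(alg, 0)
    if tag != 0x06:
        raise ValueError("signatureAlgorithm does not start with an OID")
    oid = _oid(oid_bytes)
    return (oid,) + SIG_ALGS.get(oid, ("unknown", False))

def _der(tag, content):  # short-form lengths only; enough for the samples
    return bytes([tag, len(content)]) + content
def sample_cert(oid_hex):
    """Constructed certificate-shaped DER (not a real cert) carrying the given OID."""
    tbs = _der(0x30, _der(0x02, b"\x01"))
    alg = _der(0x30, _der(0x06, bytes.fromhex(oid_hex)) + _der(0x05, b""))
    return _der(0x30, tbs + alg + _der(0x03, b"\x00"))
```

For a real certificate, pass `pem_to_der(open("cert.pem").read())` to `signature_algorithm`; a False result means the certificate should be re-issued or converted before import.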

Enabling FIPS for SFTP (SSH) Connections

When the EFT service is started, if FIPS is enabled, a message displays the protocols in use and which of the protocols in use are FIPS compliant. When you enable FIPS, the ciphers, key lengths/types, and hash lengths/types that are not FIPS-approved are not available. If a FIPS-approved state cannot be achieved when FIPS is enabled, all Sites will stop, and an error is written to the Windows Event Log.