CA EEM Getting Started › FIPS 140-2 Support › Supported Security Modes in CA EEM

Supported Security Modes in CA EEM

CA EEM supports the following modes of operation.

non-FIPS

This mode uses non-FIPS compliant techniques for cryptography. In this mode MD5 is the default algorithm that is used to encrypt and decrypt sensitive data. The CA EEM installer always install the CA EEM Server in a non-FIPS mode. In this mode, the CA EEM Server is backward compatible with the CA EEM clients. For example, you can use the CA EEM r8.4 SDK to connect to a CA EEM r8.4 SP3 Server.

FIPS-only

This mode uses only FIPS-compliant techniques for cryptography. This mode is not compatible with clients running in non-FIPS mode. You must use only CA EEM r8.4 SP3 SDK FIPS-only clients with CA EEM r8.4 SP3 Servers or later running in FIPS-only mode. In this mode, the CA EEM Server supports the following algorithms to encrypt and decrypt data:

• SHA1
• SHA256
• SHA384
• SHA512
• TLS v1.0 for communication with external LDAP directories if the LDAP connection is over TLS.

Note: SHA1 is the default algorithm.