By default, the IIS 6.0 Web Server does not support the AES cipher suites. As a result, attempts to establish a back channel connection using only AES ciphers fail when running in FIPS-Only mode.
Workaround
To use AES cipher (non-FIPS 140) certificates for the back channel while running in FIPS-only mode, apply the following Windows update to add support for the AES cipher suites in Windows Server 2003:
http://support.microsoft.com/kb/948963/en-us
If you require a fully compliant FIPS-only environment, use only back channel certificates that are compatible with FIPS 140.
Copyright © 2010 CA. All rights reserved. | Email CA about this topic |