Federation uses an SSL client when processing back channel requests. You can now configure the Identity Provider to use SSL versions TLSV1_1 and TSLV1_2 with the following ciphers:
These ciphers are supported in FIPS and non-FIPS mode.
The determination whether to use SHA256 is made at the Identity Provider. The Service Provider broadcasts the SSL versions and ciphers that it supports. The Identity Provider is configured to accept a certain set of SSL versions and ciphers. Part of the SSL handshake includes communicating using the first configured match of versions and ciphers.
SiteMinder does not have a configuration setting for selecting the required algorithm. Administrators must verify that the Identity Provider is configured appropriately.
|
Copyright © 2012 CA.
All rights reserved.
|
|