You can configure how the SystemEDGE agent handles encryption using the sysedge_fips_mode parameter. The following three methods of encryption are available:
To configure the encryption mode, add a line with the sysedge_fips_mode parameter to the sysedge.cf file as follows:
sysedge_fips_mode <method>
Specifies the type of encryption to use. The following options are available:
Enables the CA eTrust Public Key Infrastructure libraries, and if this method fails, falls back to the internal minimum security solution.
Enables FIPS compliant encryption, and if this method fails, falls back to method 0. This is the default if the parameter is not configured.
Specifies that the agent operates in FIPS only mode. This enables the RSA BSAFE Crypto-C Micro Edition FIPS compliant libraries and performs no encryption if they fail.
For example, enter the following line to run the agent using only FIPS-certified protocols and FIPS-certified libraries:
sysedge_fips_mode 2
For detailed information about how to enable FIPS encryption, see the appendix "FIPS 140-2 Encryption."
|
Copyright © 2013 CA.
All rights reserved.
|
|