

Configure FIPS 140-2 Mode

You can configure how the agent should treat its encryption using the sysedge_fips_mode parameter in the sysedge.cf file.

The options for the sysedge_fips_mode parameter are as follows:

0 (zero)

Indicates non-FIPS mode. The agent enables the CA eTrust Public Key Infrastructure libraries, and if this method fails, it uses basic built-in encryption and authentication protocols that are based on code that is not FIPS-certified.

1

Indicates FIPS co-existence mode. The agent tries to use FIPS-certified encryption and authentication protocols using FIPS-certified libraries. However, if the FIPS-certified libraries cannot be located or if the agent fails to load them, the agent falls back to the non-FIPS-compliant CA eTrust Public Key Infrastructure libraries. This is the default mode if sysedge_fips_mode is not configured.

2

Indicates FIPS-only mode. Only FIPS-certified encryption and authentication code and protocols are supported, and all code and protocols that are not FIPS-certified are disallowed. No encryption is performed if the FIPS libraries fail.

Example

Add the following line to the sysedge.cf file to run the agent in FIPS-only mode:

sysedge_fips_mode 2
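
The following check is an added example, not part of the product documentation or the agent's own tooling: it reads the text of a sysedge.cf file and reports the effective FIPS mode, flagging every case in which the agent may use code that is not FIPS-certified, including the unset default. It assumes that '#' starts a comment in sysedge.cf and treats repeated directives with different values as a finding; the function name audit_fips_mode is hypothetical.

```python
# Added example: audit the FIPS setting in the text of a sysedge.cf file.
MODES = {"0": "non-FIPS", "1": "FIPS co-existence", "2": "FIPS-only"}
DEFAULT_MODE = 1  # per the page: used when sysedge_fips_mode is not configured


def audit_fips_mode(cf_text):
    """Return (effective_mode, findings); mode is None if it cannot be trusted.

    Assumptions: '#' starts a comment, and repeated directives with
    different values are reported rather than resolved.
    """
    seen = []  # (line number, value text) for every directive found
    for lineno, raw in enumerate(cf_text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()
        if tokens and tokens[0] == "sysedge_fips_mode":
            seen.append((lineno, " ".join(tokens[1:])))

    if not seen:
        return DEFAULT_MODE, ["sysedge_fips_mode not set: default mode 1 "
                              "can fall back to non-FIPS libraries"]
    if len({value for _, value in seen}) > 1:
        lines = ", ".join(str(n) for n, _ in seen)
        return None, [f"conflicting sysedge_fips_mode values on lines {lines}"]
    lineno, value = seen[0]
    if value not in MODES:
        return None, [f"line {lineno}: invalid value {value!r}, expected 0, 1 or 2"]
    if value != "2":
        return int(value), [f"line {lineno}: mode {value} ({MODES[value]}) "
                            "allows code that is not FIPS-certified"]
    return 2, []


if __name__ == "__main__":
    # Constructed sample files, not taken from a real agent.
    samples = {
        "fips-only": "sysedge_fips_mode 2\n",
        "commented out": "# sysedge_fips_mode 2\n",
        "conflict": "sysedge_fips_mode 2\nsysedge_fips_mode 0\n",
    }
    for name, text in samples.items():
        mode, findings = audit_fips_mode(text)
        print(name, "->", mode, findings or "OK")
```

Only a result of mode 2 with no findings means the file requests FIPS-only operation; a commented-out directive is reported as the mode 1 default.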