Enabling FIPS Mode

SSH Tectia Server can be operated in FIPS mode, using a version of the cryptographic library that has been certified according to the Federal Information Processing Standard (FIPS). In this mode the cryptographic operations are performed according to the rules of the FIPS 140-2 certification standard.

The software uses the standard libraries by default; the FIPS 140-2 certified libraries are available separately. If the FIPS certified cryptographic library has been enabled, SSH Tectia Server will detect and use it automatically.

Note: FIPS libraries are not available on Solaris 2.5.1 or Linux platforms.

You can check which library is currently in use by running the following command with no arguments:

# /usr/local/sbin/ssh-crypto-library-chooser

You can enable fips mode (or std mode) by giving the mode as an argument:

# /usr/local/sbin/ssh-crypto-library-chooser fips

Specifying an invalid mode (for example, fips on a platform that does not have it) returns 1 and prints an error message.

