If you are operating in FIPS-140-3 mode, refer to FIPS Mode Security Restrictions for the complete list of restrictions that apply when upgrading from any pre-10.1.3 SBC version.
The SBC supports FIPS-140-3 mode. This feature enhances the FIPS Object Module of the SBC. For the new FIPS-140-3 standard, it adds known answer tests for the cryptographic algorithms FFC (Diffie-Hellman), SSH-KDF, and TLS-KDF, which run during the Power-On Self Tests (POSTs). These tests are added to the OpenSSL FIPS object module implementation.
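How a known answer test gates a module at power-on, as an added example (not the SBC's or OpenSSL's code): the primitive runs on fixed inputs, the result is compared with a stored answer, and a mismatch leaves the module in an error state in which the service call refuses to run. The toy FFC values (p = 23), the state names and the function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
/* Square-and-multiply modular exponentiation; operands here stay far below 2^32. */
static uint64_t modexp(uint64_t base, uint64_t exp, uint64_t mod) {
    uint64_t r = 1;
    for (base %= mod; exp; exp >>= 1) {
        if (exp & 1) r = (r * base) % mod;
        base = (base * base) % mod;
    }
    return r;
}

/* Constructed toy vector (p = 23): not an approved FFC group or a CAVP vector. */
struct dh_kat { uint64_t p, priv, peer_pub, expected_z; };
static const struct dh_kat DH_KAT = { 23, 4, 10, 18 };

enum module_state { STATE_POST_PENDING, STATE_OPERATIONAL, STATE_ERROR };
static enum module_state g_state = STATE_POST_PENDING;

/* Primitive under test, passed as a pointer so a fault can be simulated. */
typedef uint64_t (*dh_fn)(uint64_t priv, uint64_t peer_pub, uint64_t p);
static uint64_t dh_compute(uint64_t priv, uint64_t peer_pub, uint64_t p) {
    return modexp(peer_pub, priv, p);
}
static uint64_t dh_compute_faulty(uint64_t priv, uint64_t peer_pub, uint64_t p) {
    return modexp(peer_pub, priv, p) ^ 1; /* simulated single-bit corruption */
}

/* Power-on self-test: a mismatch with the stored answer sets the error state. */
static enum module_state run_post(dh_fn impl) {
    uint64_t z = impl(DH_KAT.priv, DH_KAT.peer_pub, DH_KAT.p);
    g_state = (z == DH_KAT.expected_z) ? STATE_OPERATIONAL : STATE_ERROR;
    return g_state;
}

/* Service entry point: returns -1 and writes nothing unless the POST passed. */
static int dh_service(uint64_t priv, uint64_t peer_pub, uint64_t p, uint64_t *out) {
    if (g_state != STATE_OPERATIONAL) return -1;
    *out = dh_compute(priv, peer_pub, p);
    return 0;
}

int main(void) {
    uint64_t z = 0;
    printf("POST: %s\n", run_post(dh_compute) == STATE_OPERATIONAL ? "pass" : "FAIL");
    printf("service rc=%d\n", dh_service(3, 4, 23, &z));
    printf("POST with fault: %s\n", run_post(dh_compute_faulty) == STATE_OPERATIONAL ? "pass" : "FAIL");
    printf("service rc=%d\n", dh_service(3, 4, 23, &z));
    return 0;
}
```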
% set system admin <SYSTEM NAME> fips-140-3 mode <disabled | enabled>
Parameter | Description |
---|---|
fips-140-3 mode | Use this object to enable FIPS-140-3 mode. NOTE: Once you enable the fips-140-3 mode, you cannot manually disable it. A fresh software installation is required to set the FIPS-140-3 mode back to 'disabled'. |
set system admin vsbcSystem fips-140-3 mode enabled