Warning

If you are operating in the FIPS-140-3 mode, refer to FIPS Mode Security Restrictions to see the complete list of restrictions applicable for the upgrade from any pre-10.1.3 SBC version.

In the section:

Related articles:

The SBC supports the FIPS-140-3 mode. This feature enhances the FIPS Object Module of the SBC. It introduces known answer tests for cryptographic algorithms FFC (Diffie-Hellman), SSH-KDF, and TLS-KDF for the new FIPS standard FIPS-140-3 to perform known answer tests during the Power-On Self Tests (POSTs). These tests are added to the OpenSSL FIPS object module implementation.

Command Syntax

% set system admin <SYSTEM NAME> fips-140-3 mode <disabled | enabled>

Command Parameters

Parameter

Description

fips-140-3 mode

Use this object to enable FIPS-140-3 mode.

  • disabled (default)
  • enabled 

NOTE: Once you enable the fips-140-3 mode, you cannot manually disable it. A fresh software installation is required to set the FIPS-140-3 mode back to 'disabled'.

Configuration Example

set system admin vsbcSystem fips-140-3 mode enabled