THE INFORMATION IN THIS ARTICLE APPLIES TO:
- Secure FTP Server--FIPS, v3.3.x
- For information about FIPS in EFT, refer to SFTP FIPS in the help documentation.
GlobalSCAPE's Secure FTP Server--FIPS can be configured to use FIPS-compliant ciphers and algorithms for FTPS/HTTPS (SSL) and (in Secure FTP Server--FIPS v3.3.7 and later) SFTP (SSH) connections.
The Federal Information Processing Standard (FIPS) Publication 140-2 specifies the security requirements of cryptographic modules used to protect sensitive information. Secure FTP Server supports operation with the FIPS 140-2 compliant GlobalSCAPE Cryptographic Module (GSCM) for SSL/TLS and certificate generation and the FIPS-compliant version of Crypto++ for inbound SFTP (SSH) connections. The FIPS 140-2 compliant GlobalSCAPE Cryptographic Module (GSCM) is based on the openssl-fips-1.1.1 FIPS source and the openssl-0.9.7m project. If FIPS is not enabled, the non-FIPS SSL version of OpenSSL 0.9.8h is used.
Certificates created in prior versions of Secure FTP Server (e.g., imported certificates that were signed using non-FIPS compliant algorithms) will not work in Secure FTP Server when using FIPS mode. (Certificates must use SHA-1.) For details of converting certificates prior to importing them into Secure FTP Server, refer to "Using OpenSSL to Generate/Convert Keys and Certificates" in the help documentation.
When the Server service is started, if FIPS is enabled, a message displays which protocols are in use and which of the protocols in use are FIPS compliant. When you enable FIPS, the ciphers, key lengths/types, and hash lengths/types that are not FIPS-compliant are not available, and an initialization routine executes a series of startup tests that set the cryptographic module into a FIPS-compliant operational state.
When you enable FIPS, the ciphers, key, and hash lengths/types that are not FIPS-compliant are not available. If a FIPS-compliant state cannot be achieved when FIPS is enabled, all Sites will stop, and an error is written to the Windows Event Log and the Secure FTP Server Administrator interface. After you dismiss the message, the Secure FTP Server Administrator interface closes.
Secure FTP Server uses the following ciphers for SSH2:
3DES, AES128, and AES256-cbc for symmetric encryption
hmac-sha1 for message authentication
DSA or RSA
Secure FTP Server uses one of the following three cipher combinations during SSL/TLS negotiation:
TLS 1.0 RSA Key Exchange, RSA Authentication, 256 bit AES encryption, and SHA1 HMAC
TLS 1.0 RSA Key Exchange, RSA Authentication, 168 bit 3DES encryption, and SHA1 HMAC
TLS 1.0 RSA Key Exchange, RSA Authentication, 128 bit AES encryption, and SHA1 HMAC
The use of the SHA1 HMAC is TLS 1.0 specific. By limiting the algorithms, we force use of TLS 1.0 in Secure Server. For more info on why FIPS requires TLS 1.0, refer to http://www.mail-archive.com/openssl-users%40openssl.org/msg54318.html.
The order of preference, as listed above, is provided by Secure FTP Server to the SSL client (e.g., the Administrator interface or CuteFTP). During SSL negotiation, the SSL client is allowed to select its preferred combination from this list. By default, the SSL client typically picks the highest common denominator. Secure FTP Server allows only these three cipher combinations; the algorithms cannot be NULL. FIPS certifies both DSA and RSA for digital signature generation and verification, but only allows RSA for key wrapping. Since SSL requires key wrapping, when Secure FTP Server is in FIPS mode, only RSA can be used. Per FIPS requirements for RSA key wrapping, the Server enforces a minimum key length of 1024 bits and a maximum key length of 4096 bits. If the Server requires SSL certificates from connected clients, those certificates must also use SHA-1.