Cisco Email Security Appliance C170 User Guide
Cisco AsyncOS 8.0.2 for Email User Guide
Chapter 24 FIPS Management
Switching the Appliance to FIPS Mode
Use the fipsconfig CLI command to switch the appliance over to FIPS mode.
Note
Only administrators can use this command. A reboot is required after switching the appliance from
non-FIPS mode to FIPS mode.
Before You Begin
Make sure that the appliance does not have any objects that are not FIPS compliant, for example, a DKIM
verification profile with a key size of 512 bits. To enable FIPS mode, you must modify all the
non-FIPS-compliant objects to meet FIPS requirements. See
. For instructions to check if your appliance contains non-FIPS-compliant objects, see
Procedure
mail.example.com> fipsconfig
FIPS mode is currently disabled.
Choose the operation you want to perform:
- SETUP - Configure FIPS mode.
- FIPSCHECK - Check for FIPS mode compliance.
[]> setup
To finalize FIPS mode, the appliance will reboot immediately. No commit will be required.
Are you sure you want to enable FIPS mode and reboot now ? [N]> y
Do you want to enable encryption of sensitive data in configuration file when FIPS mode is
enabled? Changing the value will result in system reboot [N]> n
Enter the number of seconds to wait before forcibly closing connections.
[30]>
System rebooting. Please wait while the queue is being closed...
Closing CLI connection.
Rebooting the system...
KEX Algorithms: diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1
RSA Identifiers and Host Keys: 2048
DSA Identifiers and Host Keys: 2048
CiscoSSL
  Method: TLSv1
  Ciphers: AES256-SHA, AES128-SHA, DES-CBC3-SHA