Cisco Cisco Email Security Appliance C170 Guia Do Utilizador

The Federal Information Processing Standard (FIPS) 140 is a publicly announced standard developed 
jointly by the United States and Canadian federal governments specifying requirements for 
cryptographic modules that are used by government agencies to protect sensitive but unclassified 
information. The Cisco IronPort Email Security appliance uses the CiscoSSL Cryptographic Toolkit to 
achieve FIPS 140-2 Level 1 complaince.

The CiscoSSL Cryptographic Toolkit is a a GGSG-approved cryptography suite that includes Cisco SSL, 
which is an enhanced version of OpenSSL’s FIPS support, and the FIPS-compliant Cisco Common 
Cryptography Module. The Cisco Common Cryptography Module is a software library that Email 
Security appliance uses for FIPS-validated cryptographic algorithms for protocols such SSH.

The Email Security appliance uses CiscoSSL and FIPS-compliant certificates for communication when 
the appliance is in FIPS mode. See 

 for more 

information. 

As part of FIPS compliance, AsyncOS for Email does not support SSH version 1.

To be FIPS Level 1 compliant, the Email Security appliance makes the following changes to your 
configuration:

SMTP receiving and delivery. Incoming and outgoing SMTP conversations over TLS between a 
public listener on the Email Security appliance and a remote host use TLS version 1 and FIPS cipher 
suites. You cannot change these values using 

sslconfig

 when in FIPS mode. TLS v1 is the only 

version of TLS supported in FIPS mode.