We've been trying to migrate our ssh/sftp environment, for both our
client and server users to only use FIPS-140-2 certified ciphers, and
run ICSF in FIPS mode. We've had no problems doing so, except with one
of our partners who states that their security policy will not allow
their sftp server to accept data transmitted with any CBC cipher.
I tried adding the aes-ctr ciphers to our allowed list, but it doesn't
look like ICSF can handle it, which is needed for ICSF to execute in
FIPS mode.
It seems like I'm in a unresolvable problem from a technology
standpoint, unless our partner changes their policy, which I don't
understand why they don't allow FIPS-140-2 certified ciphers to be used.
--
Mark Jacobs
Time Customer Service
Tampa, FL
----
The quiet ones are the ones that change the universe...
The loud ones only take the credit.
Londo Mollari - Babylon 5
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN