Mark,

Yes, Ported Tools OpenSSH with ICSF does not support CTR mode AES ciphers. I would ask that you submit a requirement for this.

I happen to be giving a SHARE presentation in Anaheim today which covers this. If you happen to be here, please stop and say hi.
https://share.confex.com/share/122/webprogram/Session14787.html

Kirk Wolf
Dovetailed Technologies
http://dovetail.com

On Mon, Mar 10, 2014 at 10:02 AM, Mark Jacobs <[email protected]> wrote:

> We've been trying to migrate our ssh/sftp environment, for both our client
> and server users to only use FIPS-140-2 certified ciphers, and run ICSF in
> FIPS mode. We've had no problems doing so, except with one of our partners
> who states that their security policy will not allow their sftp server to
> accept data transmitted with any CBC cipher.
>
> I tried adding the aes-ctr ciphers to our allowed list, but it doesn't
> look like ICSF can handle it, which is needed for ICSF to execute in FIPS
> mode.
>
> It seems like I'm in an unresolvable problem from a technology standpoint,
> unless our partner changes their policy, which I don't understand why they
> don't allow FIPS-140-2 certified ciphers to be used.
>
> --
> Mark Jacobs
> Time Customer Service
> Tampa, FL
> ----
>
> The quiet ones are the ones that change the universe...
> The loud ones only take the credit.
>
> Londo Mollari - Babylon 5
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to [email protected] with the message: INFO IBM-MAIN
