Server Automation Practitioners Forum

FIPS 140-2: HP Server Automation

Occasional Contributor


Hi all.  Getting ready to implement HP Server Automation in a secure environment.  I need to know if the SSL communication between the various components is FIPS 140-2 compliant or if it can be implemented as such.

 

Specifically, processes on ports 1002 (agent), 2001 and 2003 (Core servers) and 3001 (Satellite).

 

Thanks in advance.

 

-Steve

2 REPLIES
Respected Contributor

Re: FIPS 140-2: HP Server Automation

Hey Steve,

 

I'm not really familiar with FIPS 140-2, but the connections you're talking about support TLS 1.0, which I believe is FIPS compliant and can be modified to support the hardware cryptographic modules that FIPS 140-2 talks about.

 

Some information from one of the connections:

 

The identity of this website has not been verified.
• Server's certificate does not match the URL.
• Server's certificate is not trusted.
• Server's certificate is signed using a weak signature algorithm

 

Your connection to example.acme.com is encrypted with 128-bit encryption.

The connection uses TLS 1.0.

The connection is encrypted using RC4_128, with SHA1 for message authentication and RSA as the key exchange mechanism.

The connection does not use SSL compression.

The server does not support the TLS renegotiation extension.

 

 

Hope this helps somewhat.

Occasional Contributor

Re: FIPS 140-2: HP Server Automation

Thanks sjmh.  I found from HP that the product uses OpenSSL.  HP is currently creating a release with 140-2 compliant encryption implemented.  I guess look for that coming soon.

 

-Steve
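
Added example (not part of the thread and not HP's code): a small Python check that takes negotiated TLS parameters, such as the ones quoted in the first reply, and lists any algorithm or protocol version that is not FIPS-approved. The denylist, the function names `findings` and `probe`, and the host name in the comment are assumptions made for illustration; an empty result only means no non-approved algorithm was seen, since FIPS 140-2 also requires a validated cryptographic module.

```python
import re
import socket
import ssl

# Constructed denylist (added example): algorithm tokens found in cipher-suite
# names that are not FIPS-approved. Not exhaustive.
NOT_APPROVED = {"RC4", "RC2", "DES", "MD5", "IDEA", "SEED", "CAMELLIA",
                "ARIA", "CHACHA20", "NULL", "EXP", "EXPORT"}
# SSL protocol versions, which are not usable in FIPS mode.
BAD_PROTOCOLS = {"SSLv2", "SSLv3"}


def findings(suite, protocol):
    """Return a sorted list of reasons the negotiated parameters fail the check."""
    # Triple DES is written DES-CBC3 or 3DES_EDE; rename it so it is not read as single DES.
    name = re.sub(r"DES-CBC3|3DES_EDE", "TDES", suite.upper())
    # Split OpenSSL-style (RC4-SHA) and browser-style (RC4_128) names into tokens.
    tokens = set(re.split(r"[-_ ]+", name))
    problems = [f"non-approved algorithm: {t}" for t in tokens & NOT_APPROVED]
    if protocol in BAD_PROTOCOLS:
        problems.append(f"protocol not allowed: {protocol}")
    return sorted(problems)


def probe(host, port, timeout=5.0):
    """Handshake with host:port and return (suite name, protocol version)."""
    ctx = ssl.create_default_context()
    # The reply reports an untrusted, mismatched certificate; verification is
    # turned off here only so the negotiated parameters can be read.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.cipher()[0], tls.version()


if __name__ == "__main__":
    # Constructed sample: the parameters quoted in the first reply.
    print(findings("RC4_128 SHA1 RSA", "TLSv1"))
    # Against a live host (hypothetical name), for the ports from the question:
    # for port in (1002, 2001, 2003, 3001):
    #     print(port, findings(*probe("sa-core.example.internal", port)))
```

A current Python/OpenSSL build may refuse to negotiate TLS 1.0 or RC4 at all, in which case `probe` raises `ssl.SSLError` instead of returning parameters.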