Add new attachment

Only authorized users are allowed to upload new attachments.

List of attachments

Kind Attachment Name Size Version Date Modified Author Change note
png
Fips.png 442.4 kB 1 25-Oct-2018 04:31 Halmágyi Árpád

This page (revision-12) was last changed on 16-May-2020 02:14 by Ben Spink

This page was created on 25-Oct-2018 04:31 by Halmágyi Árpád

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Difference between version and

At line 120 changed one line
locate and set the fips140 and change it from false to true. Same for fips140_sftp_client value.
Find the "fips140" and ""fips140_sftp_client" flag and change them from false to true.\\
At line 122 changed 2 lines
After this step, before restarting the service, log in into the Webinterface as the main admin, navigate to Preferences->Encryption->SSL page
enter into the "Keystore Location" field the "PKCS11" literal (without the quotes), supply the PKCS11 token password, if any set in Step 2.
After this step, before restarting the service, log in into the Webinterface as the main admin, navigate to Preferences->Encryption->SSL page, and enter into the "Keystore Location" field the "PKCS11" literal value (without the quotes). Enter the PKCS11 token password, if any set in Step 2.\\
At line 125 changed one line
If this is Java 13, you can force "TLSv1.3" in both. Save.\\
If this is Java 13, you can force "TLSv1.3" in both instead. Save. (TLSv1.3 only works starting in Java 13+.)\\
At line 133 changed one line
Normally, all SSL ports should come on line after this step ( HTTPS, FTPES, FTPS ), can test with a client application. SSL cypher assessment should reveal now only FIPS-140-2 compliant ciphers.
Normally, all SSL ports should come on line after this step ( HTTPS, FTPES, FTPS ), can test with a client application. SSL cypher assessment should reveal now only FIPS-140-2 compliant ciphers.\\
At line 136 changed one line
Warning: At this point the HTTPS port may go offline, if token password was incorrect, or the PKCS11 token bad, etc., make sure there is an plain HTTP port available for administration. In case the java.security config file has syntax errors, the Crush service may not come on line at all.
Warning: At this point the HTTPS port may go offline, if token password was incorrect, or the PKCS11 token bad, etc., make sure there is an plain HTTP port available for administration. In case the java.security config file has syntax errors, the Crush service may not come on line at all. \\
----
Running in FIPS mode has a few drawbacks:\\
At line 138 removed 2 lines
Running in FIPS mode has a few drawbacks:
At line 145 changed one line
----
Version Date Modified Size Author Changes ... Change note
12 16-May-2020 02:14 7.853 kB Ben Spink to previous
11 16-May-2020 02:12 7.777 kB Ben Spink to previous | to last
10 27-Mar-2020 13:18 6.741 kB Ben Spink to previous | to last
9 27-Mar-2020 05:26 6.598 kB Ben Spink to previous | to last
8 27-Mar-2020 05:17 6.53 kB Ben Spink to previous | to last
7 26-Mar-2020 18:15 6.553 kB Ada Csaba to previous | to last
6 26-Mar-2020 18:11 6.251 kB Ada Csaba to previous | to last
5 25-Oct-2018 04:31 5.913 kB Ada Csaba to previous | to last
4 25-Oct-2018 04:31 5.893 kB Ada Csaba to previous | to last
3 25-Oct-2018 04:31 5.728 kB Ada Csaba to previous | to last FIPS ==> FIPS-140-2 Compliant Mode
2 25-Oct-2018 04:31 5.728 kB Ada Csaba to previous | to last
1 25-Oct-2018 04:31 5.581 kB Halmágyi Árpád to last
« This page (revision-12) was last changed on 16-May-2020 02:14 by Ben Spink
G’day (anonymous guest)
CrushFTP9 | What's New

Referenced by
LeftMenu

JSPWiki