Re: FIPS 140-2: HP Server Automation (278 Views)
Reply
Occasional Contributor
mullinsss
Posts: 3
Registered: ‎10-18-2012
Message 1 of 3 (310 Views)
Accepted Solution

FIPS 140-2: HP Server Automation

Hi all.  Getting ready to implement HP Server Automation in a secure environment.  I need to know if the SSL communication between the various components is FIPS 140-2 compliant or if it can be implemented as such.

 

Specifically, processes on ports 1002 (agent), 2001 and 2003 (Core servers) and 3001 (Satellite).

 

Thanks in advance.

 

-Steve

Trusted Contributor
sjmh
Posts: 52
Registered: ‎08-03-2012
Message 2 of 3 (290 Views)

Re: FIPS 140-2: HP Server Automation

Hey Steve,

 

I'm not really familiar with FIPS 140-2, but the connections you're talking about support TLS 1.0, which I believe is FIPS compliant and can be modified to support the hardware crypotgraphic modules that FIPS 140-2 talks about. 

 

Some information from one of the connections:

 

The identity of this website has not been verified.
• Server's certificate does not match the URL.
• Server's certificate is not trusted.
• Server's certificate is signed using a weak signature algorithm

 

Your connection to example.acme.com is encrypted with 128-bit encryption.

The connection uses TLS 1.0.

The connection is encrypted using RC4_128, with SHA1 for message authentication and RSA as the key exchange mechanism.

The connection does not use SSL compression.

The server does not support the TLS renegotiation extension.

 

 

Hope this helps somewhat.

Occasional Contributor
mullinsss
Posts: 3
Registered: ‎10-18-2012
Message 3 of 3 (278 Views)

Re: FIPS 140-2: HP Server Automation

Thanks sjmh.  I found from HP that the product uses openSSL.  Hp is currently creating a release with 140-2 compliant encryption implemented.  I guess look for that coming soon.

 

-Steve

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.