Add new attachment

Only authorized users are allowed to upload new attachments.

List of attachments

Kind Attachment Name Size Version Date Modified Author Change note
png
Fips.png 442.4 kB 1 25-Oct-2018 04:31 Halmágyi Árpád

This page (revision-12) was last changed on 16-May-2020 02:14 by Ben Spink

This page was created on 25-Oct-2018 04:31 by Halmágyi Árpád

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Difference between version and

At line 120 changed one line
Find the "fips140" and ""fips140_sftp_client" and "fips140_sftp_server" flag and change them from false to true. The plain "fips140" applies to SSL things like FTPS/FTPES/HTTPS. The others apply to SFTP client and server items.\\
Find the "fips140" and ""fips140_sftp_client" and "fips140_sftp_server" flag and change them from false to true. The plain "fips140" applies to SSL things like FTPS/FTPES/HTTPS. The others apply to SFTP client and server items. See bottom of this guide for more SFTP items that must be done.\\
At line 139 changed one line
* online updates won't work, for our update repo server is not running in FIPS compliant mode, can only use the manual update method ( from file)\\
* online updates won't work, since our server is not running in FIPS compliant mode, can only use the manual update method ( from file)\\
At line 159 added 19 lines
----
!!SFTP FIPS additional work
To get FIPS modules for SFTP, you need the BouncyCastle libraries added to the plugins/lib folder of CrushFTP.\\
[https://www.bouncycastle.org/fips_faq.html]\\
These are files like:
{{{
bc-fips-1.0.2.jar
bcmail-fips-1.0.1.jar
bcpg-fips-1.0.3.jar
bcpkix-fips-1.0.3.jar
bcpqc-addon-fips-1.0.0.jar
bctls-fips-1.0.9.jar
}}}
The SFTP port will *only* enable FIPS compatible algorithms when the port starts, and it will fail if these jars aren't there and it is unable to do so. You can no longer control your KEX and such as its locked down to the FIPS enabled items only, no controls for the server admin.
{{{
KEX: diffie-hellman-group-exchange-sha256,diffie-hellman-group18-sha512,diffie-hellman-group17-sha512,diffie-hellman-group16-sha512,diffie-hellman-group15-sha512,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
KEY FORMATS: ecdsa-sha2-nistp256,ssh-rsa,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
}}}
Version Date Modified Size Author Changes ... Change note
12 16-May-2020 02:14 7.853 kB Ben Spink to previous
11 16-May-2020 02:12 7.777 kB Ben Spink to previous | to last
10 27-Mar-2020 13:18 6.741 kB Ben Spink to previous | to last
9 27-Mar-2020 05:26 6.598 kB Ben Spink to previous | to last
8 27-Mar-2020 05:17 6.53 kB Ben Spink to previous | to last
7 26-Mar-2020 18:15 6.553 kB Ada Csaba to previous | to last
6 26-Mar-2020 18:11 6.251 kB Ada Csaba to previous | to last
5 25-Oct-2018 04:31 5.913 kB Ada Csaba to previous | to last
4 25-Oct-2018 04:31 5.893 kB Ada Csaba to previous | to last
3 25-Oct-2018 04:31 5.728 kB Ada Csaba to previous | to last FIPS ==> FIPS-140-2 Compliant Mode
2 25-Oct-2018 04:31 5.728 kB Ada Csaba to previous | to last
1 25-Oct-2018 04:31 5.581 kB Halmágyi Árpád to last
« This page (revision-12) was last changed on 16-May-2020 02:14 by Ben Spink
G’day (anonymous guest)
CrushFTP9 | What's New

Referenced by
LeftMenu

JSPWiki