FIPS transfer mode

For client-initiated file transfers using the AS2 (SSL), FTPS, HTTPS, PeSIT (SSL, legacy SSL), or SSH (SFTP and SCP) protocols, you can restrict the Axway SecureTransport Server to use only FIPS 140-2 Level 1 certified cryptographic libraries. This requires the sender and the recipient (clients and partner servers) to use only approved algorithms, ciphers, and cipher suites and assures that the entire transfer is secure at FIPS 140-2 Level 1.

Note: Because Axway Secure Client firewall-friendly Tunnel Mode uses SSL v3, you cannot use it for FTPS in FIPS transfer mode.
Note: On upgrade to SecureTransport 5.3.2, ciphers are added to the existing cipher sets, but none are removed, so that the existing configuration continues to operate as it did before the upgrade. The only exception is FIPS, where the new cipher sets replace the old ones.

Also note that Oracle and IBM JREs might have different lists of security ciphers, so this will probably result in a different list of ciphers on AIX.

For the relevant protocols, you can select Enable FIPS Transfer Mode in the Server Control page or the Add Transfer Site or Edit Transfer Site page.

For client-initiated transfers, see Manage your servers.

Note: Enabling FIPS transfer mode for a protocol server causes transfers to fail if the client that uses that server does not provide the required FIPS cipher or cipher suite.

For server-initiated transfers, see Transfer sites.

Note: Enabling FIPS Transfer Mode for an existing transfer site causes transfers to fail if the other server does not provide the required cipher or cipher suite.

The following topics describe the FIPS certified cryptographic libraries and list the required ciphers and cipher suites:

Related Links