FIPS transfer mode

For file transfers using the AS2 (SSL), FTPS, HTTPS, PeSIT (SSL, legacy SSL), or SSH (SFTP and SCP) protocols, you can restrict the Axway SecureTransport Server to use only FIPS 140-2 Level 1 certified cryptographic libraries. This requires the sender and the recipient (clients and partner servers) to use only approved algorithms, ciphers, and cipher suites and assures that the entire transfer is secure at FIPS 140-2 Level 1.

For a complete list of the supported ciphers and algorithms that can be used in FIPS mode, see Advertised ciphers and cipher suites in FIPS mode.

As an administrator, you can customize the list of allowed TLS cipher suites or SSH ciphers and algorithms at the following levels:

  • per protocol server (in the server settings). For more information about client-initiated transfers, see Server control.
  • for server-initiated transfers through a specific transfer site (in the transfer site configuration)
  • for server-initiated transfers over a specific protocol (via dedicated server configuration options)

For more information about server-initiated transfers, see Transfer sites.

Note: Because Axway Secure Client firewall-friendly Tunnel Mode uses SSL v3, you cannot use it for FTPS in FIPS transfer mode.

Also note that the Oracle and IBM JREs might have different lists of security ciphers, so this will probably result in a different list of ciphers on AIX.

The following topics describe the FIPS-certified cryptographic libraries and list the FIPS-compliant ciphers and cipher suites supported by SecureTransport:
