Federal Information Processing Standard (FIPS) 140-2 Module
You can install the FIPS 140-2 Module via a Security Patch.
After the FIPS 140-2 patch is installed, you can turn it On from the Settings > Configuration > General tab.
Turning On this setting restarts the OpenVPN services and causes your VPN clients to disconnect and then reconnect to the gateways.
The FIPS 140-2 approved crypto functions are described in this Security Policy PDF. According to this document, the following algorithms that Aviatrix supports are FIPS 140-2 compliant:
| IPsec Algorithms | Value |
|---|---|
| Phase 1 Authentication | SHA-1, SHA-512, SHA-384, SHA-256 |
| Phase 1 DH Groups | 2, 1, 5, 14, 15, 16, 17, 18 |
| Phase 1 Encryption | AES-256-CBC, AES-192-CBC, AES-128-CBC, 3DES |
| Phase 2 Authentication | HMAC-SHA-1, HMAC-SHA-512, HMAC-SHA-384, HMAC-SHA-256 |
| Phase 2 DH Groups | 2, 1, 5, 14, 15, 16, 17, 18 |
| Phase 2 Encryption | AES-256-CBC, AES-192-CBC, AES-128-CBC, AES-128-GCM-64, AES-128-GCM-96, AES-128-GCM-128, 3DES |
The SSL VPN encryption algorithm set on the server is AES-256-CBC. For OpenVPN clients running version 2.3 or lower, the negotiated algorithm is AES-256-CBC. For OpenVPN clients running 2.4 or higher, the negotiated algorithm is AES-256-GCM because of NCP (Negotiable Crypto Parameters).
The SSL VPN authentication algorithm is SHA512.
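The following OpenVPN server stanza is an added illustration of the negotiation described above; it is not Aviatrix's own gateway configuration, and the port, protocol and device values are hypothetical. It shows why the two client generations end up on different ciphers: the static `cipher` line is what an OpenVPN 2.3 client (which has no NCP) is given, while the `ncp-ciphers` list is what an OpenVPN 2.4+ client negotiates from, with AES-256-GCM listed first so it wins whenever the client supports it.

```conf
# Added example (hypothetical values), not the Aviatrix gateway's real config.
port 1194
proto udp
dev tun

# Static data-channel cipher. OpenVPN 2.3 and older clients cannot negotiate,
# so they use exactly this value: AES-256-CBC.
cipher AES-256-CBC

# NCP (OpenVPN 2.4+). The server offers this colon-separated list and picks the
# first entry the connecting client also supports. A 2.4+ client supports
# AES-256-GCM, so it is negotiated; AES-256-CBC is kept as the fallback entry.
ncp-ciphers AES-256-GCM:AES-256-CBC

# HMAC used for packet authentication. It protects the control channel and the
# CBC data channel; once AES-256-GCM is negotiated the data channel is covered
# by GCM's built-in authentication instead.
auth SHA512
```

To confirm which cipher a given session actually negotiated, check the server-side connection log for that client: the data-channel initialization lines name the cipher in use, so a 2.3 client should show AES-256-CBC and a 2.4+ client AES-256-GCM. Note that OpenVPN 2.5 renamed `ncp-ciphers` to `data-ciphers` and keeps the old name as an alias.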