FIPS 140-2 Mode and Key Size Requirement in MFT 5.7.x

Post by Support_Philip »

Question:

What changes need to be made to accommodate the new FIPS provider library in MFT 5.7.x?

Answer:

When running FIPS in MFT version 5.7.0 and later, there are minimum key size requirements for RSA keys. Any services in MFT that use SSL Certificates or SSH Keys (HTTPS, FTPS, SFTP for example) will need to utilize RSA key sizes of 2048 bits or larger. You may need to create a new key pair with an RSA key that is 2048 (or higher) and replace the existing key for the service in order to be FIPS 140-2 compliant as well as adhere to the new FIPS 140-2 library. Here is an example of an RSA 2048-bit key size SSH Key, as well as SSL Certificate:

[Images: screenshots of the example SSH Key and SSL Certificate]

Philip Horn
Senior Support Analyst

Re: FIPS 140-2 Mode and Key Size Requirement in MFT 5.7.x

Post by Support_Tim »

Please note: In order for your trading partners' SFTP clients to get a new RSA key, you will need to disable the DSA key in the Server > Host Keys configuration. Currently, FIPS mode will not block the attempt to use a DSA key, but the connection will fail.
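
An added example, not part of the original posts and not GoAnywhere code: a check that applies the 2048-bit RSA minimum and the DSA note from this thread to OpenSSH-format public key lines. It assumes the keys have been exported in that format; the function names and the sample lines (built from a made-up modulus, not real keys) are constructed for illustration.

```python
import base64
import struct

MIN_RSA_BITS = 2048  # minimum RSA key size the post gives for FIPS mode


def pack_field(data):
    """Encode one RFC 4251 length-prefixed field."""
    return struct.pack(">I", len(data)) + data


def read_field(blob, off):
    """Decode one length-prefixed field; return (bytes, next offset)."""
    if off + 4 > len(blob):
        raise ValueError("truncated length")
    end = off + 4 + struct.unpack(">I", blob[off:off + 4])[0]
    if end > len(blob):
        raise ValueError("truncated field")
    return blob[off + 4:end], end


def constructed_line(bits, key_type=b"ssh-rsa"):
    """Build a sample key line with a made-up modulus (constructed, not a real key).
    Only the type field and the modulus length matter to the check below."""
    n = (1 << (bits - 1)) | 1
    mpint = b"\x00" + n.to_bytes((bits + 7) // 8, "big")  # zero byte keeps it positive
    blob = pack_field(key_type) + pack_field(b"\x01\x00\x01") + pack_field(mpint)
    return key_type.decode() + " " + base64.b64encode(blob).decode() + " sample"


def check_public_key(line):
    """Return (verdict, detail) for one OpenSSH public-key line."""
    parts = line.split()
    try:
        blob = base64.b64decode(parts[1], validate=True)
        key_type, off = read_field(blob, 0)
        if key_type == b"ssh-dss":
            return "reject", "DSA key"  # per the reply: the connection will fail
        if key_type != b"ssh-rsa":
            return "skip", key_type.decode("ascii", "replace")
        _exponent, off = read_field(blob, off)
        modulus, _ = read_field(blob, off)
    except (IndexError, ValueError) as exc:
        return "error", str(exc)
    bits = int.from_bytes(modulus, "big").bit_length()
    return ("ok" if bits >= MIN_RSA_BITS else "reject"), f"RSA {bits} bits"


if __name__ == "__main__":
    for size in (1024, 2048, 4096):
        print(size, check_public_key(constructed_line(size)))
```

The key type is read from inside the base64 blob rather than from the text prefix, so a mislabelled line is still classified by what the key actually is.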