FIPS 140-2 Mode and Key Size Requirement in MFT 5.7.x


Support_Philip

Site Admin
Posts: 47
Joined: Wed Jun 21, 2017 8:12 am

Post by Support_Philip » Mon Jun 18, 2018 2:53 pm
Question:

What changes need to be made to accommodate the new FIPS provider library in MFT 5.7.x?

Answer:

When running FIPS in MFT version 5.7.0 and later, there are minimum key size requirements for RSA keys. Any services in MFT that use SSL certificates or SSH keys (HTTPS, FTPS, SFTP for example) will need to utilize RSA key sizes of 2048 bits or larger. You may need to create a new key pair with an RSA key that is 2048 bits (or higher) and replace the existing key for the service in order to be FIPS 140-2 compliant as well as adhere to the new FIPS 140-2 library. Here is an example of an RSA 2048-bit SSH key, as well as an SSL certificate:
[Images: example RSA 2048-bit SSH key and SSL certificate]
Philip Horn
Senior Support Analyst
e. philip.horn@helpsystems.com
p. 1-800-949-4696
w. GoAnywhere.com | HelpSystems.com

Support_Tim

Posts: 34
Joined: Mon Dec 01, 2014 10:35 am

Post by Support_Tim » Fri Jun 05, 2020 5:20 pm
Please note: In order for your trading partners' SFTP clients to get a new RSA key, you will need to disable the DSA key in the Server > Host Keys configuration. Currently, FIPS mode will not block the attempt to use a DSA key, but the connection will fail.
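
The following is an added example, not part of the original posts and not GoAnywhere code: a small audit that parses OpenSSH public key lines and flags RSA keys below the 2048-bit minimum from the first post and DSA keys as mentioned in the second. The function names and verdict strings are assumptions, and the sample keys are constructed placeholders in the correct wire format, not usable keys.

```python
import base64
import struct

MIN_RSA_BITS = 2048  # minimum RSA key size stated in the first post

def _read_field(blob, offset):
    """Read one length-prefixed field (SSH 'string' or 'mpint')."""
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end

def audit_public_key(line):
    """Return (key_type, bits, verdict) for one OpenSSH public key line."""
    parts = line.split()
    blob = base64.b64decode(parts[1], validate=True)
    key_type, pos = _read_field(blob, 0)
    key_type = key_type.decode("ascii")
    if key_type == "ssh-dss":
        return key_type, None, "DSA key: disable or replace"
    if key_type != "ssh-rsa":
        return key_type, None, "not RSA: outside this check"
    _exponent, pos = _read_field(blob, pos)  # ssh-rsa blob: type, e, n
    modulus, _ = _read_field(blob, pos)
    bits = int.from_bytes(modulus, "big").bit_length()
    verdict = "ok" if bits >= MIN_RSA_BITS else "RSA key too small: replace"
    return key_type, bits, verdict

def _field(data):
    return struct.pack(">I", len(data)) + data
def _mpint(n):
    return _field(n.to_bytes(n.bit_length() // 8 + 1, "big"))

def make_sample_line(bits, comment):
    """Constructed sample: valid wire format, but not a usable key."""
    n = (1 << (bits - 1)) | 1
    blob = _field(b"ssh-rsa") + _mpint(65537) + _mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment

SAMPLE_KEYS = [  # constructed inputs, labelled by their comment field
    make_sample_line(1024, "old-host-key"),
    make_sample_line(2048, "new-host-key"),
    "ssh-dss " + base64.b64encode(_field(b"ssh-dss")).decode() + " dsa-key",
]

if __name__ == "__main__":
    for line in SAMPLE_KEYS:
        print(line.split()[-1], audit_public_key(line))
```

To audit real keys, pass each line of an exported `.pub` or `authorized_keys` file to `audit_public_key` instead of the constructed samples.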