Server Automation Practitioners Forum

FIPS 140-2: HP Server Automation

Go to solution
Regular Contributor.

FIPS 140-2: HP Server Automation

Hi all.  Getting ready to implement HP Server Automation in a secure environment.  I need to know if the SSL communication between the various components is FIPS 140-2 compliant or if it can be implemented as such.


Specifically, processes on ports 1002 (agent), 2001 and 2003 (Core servers) and 3001 (Satellite).


Thanks in advance.



Honored Contributor.

Re: FIPS 140-2: HP Server Automation

Hey Steve,


I'm not really familiar with FIPS 140-2, but the connections you're talking about support TLS 1.0, which I believe is FIPS compliant and can be modified to support the hardware crypotgraphic modules that FIPS 140-2 talks about. 


Some information from one of the connections:


The identity of this website has not been verified.
• Server's certificate does not match the URL.
• Server's certificate is not trusted.
• Server's certificate is signed using a weak signature algorithm


Your connection to is encrypted with 128-bit encryption.

The connection uses TLS 1.0.

The connection is encrypted using RC4_128, with SHA1 for message authentication and RSA as the key exchange mechanism.

The connection does not use SSL compression.

The server does not support the TLS renegotiation extension.



Hope this helps somewhat.

Regular Contributor.

Re: FIPS 140-2: HP Server Automation

Thanks sjmh.  I found from HP that the product uses openSSL.  Hp is currently creating a release with 140-2 compliant encryption implemented.  I guess look for that coming soon.