Hi all. Getting ready to implement HP Server Automation in a secure environment. I need to know if the SSL communication between the various components is FIPS 140-2 compliant or if it can be implemented as such.
Specifically, processes on ports 1002 (agent), 2001 and 2003 (Core servers) and 3001 (Satellite).
I'm not really familiar with FIPS 140-2, but the connections you're talking about support TLS 1.0, which I believe is FIPS compliant and can be modified to support the hardware crypotgraphic modules that FIPS 140-2 talks about.
Some information from one of the connections:
The identity of this website has not been verified. • Server's certificate does not match the URL. • Server's certificate is not trusted. • Server's certificate is signed using a weak signature algorithm
Your connection to example.acme.com is encrypted with 128-bit encryption.
The connection uses TLS 1.0.
The connection is encrypted using RC4_128, with SHA1 for message authentication and RSA as the key exchange mechanism.
The connection does not use SSL compression.
The server does not support the TLS renegotiation extension.