VanDyke Software Forums


bgagnon 11-02-2020 11:28 AM

Why does VShell log “Not accepting FTPS connections because VShell FIPS mode is on”
 
On the Windows platform, VShell’s FTPS/HTTPS implementation uses the SChannel crypto library native to the Windows operating system.

Although FIPS mode may be enabled in VShell (and active for SSH/SFTP connections), FTPS/HTTPS functionality will not be allowed unless FIPS mode is also enabled in Windows.

If FIPS mode is enabled in VShell but not enabled at the operating system level within Windows, VShell’s FTPS/HTTPS logs will display a warning: “Not accepting FTPS (HTTPS) connections because VShell FIPS mode is on”.

Inspecting the Windows system’s local security policy will likely show that, in the Security Options section of the machine’s Local Policies, the “System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing” option is currently Disabled.

To enable FIPS mode for Windows/SChannel, a Windows system admin must edit the Local Security Policy on the Windows machine where VShell is installed and enable the “System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing” security option.

To summarize, if FIPS mode has been enabled in VShell via an ADM template and the system level configuration has been made, then the warn category message in VShell’s FTPS/HTTPS log file becomes an info category message that reads: “VShell FIPS mode is enabled and the Microsoft SChannel setting for FIPS is on.”
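
The check described in this post can be scripted. The following is an added example, not VanDyke code: it reads the registry value in which Windows stores the “Use FIPS compliant algorithms” security option and reports which of the two log messages quoted above appears last in the log. The log path is a placeholder, and the function names are made up for this example.

```powershell
# Added example (not VanDyke code). $LogPath is a placeholder: point it at the
# VShell FTPS/HTTPS log file on your server.
param(
    [string]$LogPath = 'C:\path\to\vshell-ftps.log'   # placeholder (assumption)
)

# Windows stores the "System cryptography: Use FIPS compliant algorithms..."
# security option in this registry value (1 = Enabled, 0 = Disabled).
$FipsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy'

function Test-WindowsFipsPolicy {
    $prop = Get-ItemProperty -Path $FipsKey -Name Enabled -ErrorAction SilentlyContinue
    return ($null -ne $prop -and $prop.Enabled -eq 1)
}

function Get-VShellFipsLogState {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return 'log-not-found' }

    # Message texts as quoted in the post; the warning names FTPS or HTTPS.
    $warn = 'Not accepting (FTPS|HTTPS) connections because VShell FIPS mode is on'
    $info = 'VShell FIPS mode is enabled and the Microsoft SChannel setting for FIPS is on'

    # Only the most recent matching line matters; older lines may predate a policy change.
    $last = Select-String -LiteralPath $Path -Pattern $warn, $info | Select-Object -Last 1
    if ($null -eq $last)       { return 'no-fips-message' }
    if ($last.Line -match $warn) { return 'refusing' }
    return 'accepting'
}

$osFips   = Test-WindowsFipsPolicy
$logState = Get-VShellFipsLogState -Path $LogPath

[pscustomobject]@{
    WindowsFipsPolicyEnabled = $osFips
    VShellLogState           = $logState
    # A mismatch means the log has not yet caught up with the current policy.
    Consistent               = ($osFips -and $logState -eq 'accepting') -or
                               (-not $osFips -and $logState -eq 'refusing')
}
```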

