跳转到主内容

归档:升级到ONTAP 9.11.1RC1会导致FIPS 140-2合规性管理配置未经过验证

Views:
4
Visibility:
Internal
Votes:
2
Category:
ontap-9
Specialty:
core
Last Updated:

    

归档请求者:Matt Trudewind
归档原因:9.11.1中的OpenSSL模块最近获得了FIPS验证、因此KB不再有效。

 

适用场景

  • ONTAP 9.11.1RC1
  • FIPS模式
  • FIPS 140-2
  • TLS
  • HTTPS
  • SSL

问题描述

  • 发布时、ONTAP 9.11.1RC1中的OpenSSL FIPS模块正在NIST的加密模块验证计划(CMVP)中等待FIPS 140-2验证。  
  • 如果您的环境需要经过FIPS 140-2验证的FIPS模块、则在验证过程完成之前、不建议使用ONTAP 9.11.1RC1。

 

在ONTAP 9.11.1RC1集群中、要确定是否已启用FIPS模式、请在高级特权级别运行此命令:

security config show

示例:

::> set -privilege advanced

::*> security config show
 
Cluster    Supported
FIPS Mode  Protocols Supported Cipher Suites
---------- --------- ----------------------------------------------------------
true       TLSv1.3,  TLS_RSA_WITH_AES_128_CCM, TLS_RSA_WITH_AES_128_CCM_8,

  • 如果 集群FIPS模式为true、则适用本文所述的FIPS 140-2验证问题描述。
  • 如果 集群FIPS模式为false、则本文中所述的FIPS 140-2验证问题描述不适用

 

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

This is an internal KB article and its content should not be copy/pasted and shared with people outside of NetApp. Always seek Duty Manager authentication of caller for password reset requests. If you need further assistance post a question in Knowledge Xchange
NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.