Enabling FIPS mode

Lee Painter

FIPS mode restricts algorithm usage to only those algorithms included in the FIPS specifications. This results in:

  • Key exchange algorithms restricted to those that use primes >= 2048 bits.
  • Use of AES and 3DES ciphers only
  • Use of RSA keys only
  • Use of SHA1 and SHA256 MACs only

 

To instruct the client to use FIPS mode, call the enableFIPSMode method before creating your clients.

// Enable FIPS mode on the connector before using it to create any clients.
SshConnector con = SshConnector.createInstance();
con.enableFIPSMode();
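
An added example, not part of the original article or the library's own code: a stand-alone Java check that filters a server's offered algorithm name-lists through the four restrictions listed above, to show in advance whether a FIPS-mode client would still have something to negotiate. The class name, the category keys and the name-matching rules are assumptions of this example, and the sample offer is constructed.

```java
import java.util.*;
import java.util.function.Predicate;
import java.util.stream.Collectors;

public class FipsOfferAudit {
    // Assumption: this name-to-rule mapping is the example's own reading of the
    // four restrictions listed above, not the library's internal algorithm list.
    static final Set<String> KEX_PRIME_2048_PLUS = Set.of(
        "diffie-hellman-group14-sha1", "diffie-hellman-group14-sha256",
        "diffie-hellman-group15-sha512", "diffie-hellman-group16-sha512",
        "diffie-hellman-group17-sha512", "diffie-hellman-group18-sha512");

    static final Map<String, Predicate<String>> RULES = new LinkedHashMap<>();
    static {
        // Conservative choice: group-exchange and elliptic-curve methods are not
        // matched, since the rule is stated only as "primes >= 2048 bits".
        RULES.put("kex", KEX_PRIME_2048_PLUS::contains);
        RULES.put("cipher", n -> n.startsWith("aes") || n.startsWith("3des"));
        RULES.put("hostkey", n -> n.equals("ssh-rsa") || n.startsWith("rsa-sha2-"));
        RULES.put("mac", n -> n.startsWith("hmac-sha1") || n.startsWith("hmac-sha2-256"));
    }

    /** Returns, per category, the offered names that pass the rules, in offer order. */
    static Map<String, List<String>> audit(Map<String, String> offer) {
        Map<String, List<String>> kept = new LinkedHashMap<>();
        RULES.forEach((category, rule) -> kept.put(category,
            Arrays.stream(offer.getOrDefault(category, "").split(","))
                  .map(String::trim).filter(n -> !n.isEmpty()).filter(rule)
                  .collect(Collectors.toList())));
        return kept;
    }

    public static void main(String[] args) {
        // Constructed sample: comma-separated name-lists as a server might offer them.
        Map<String, String> offer = Map.of(
            "kex", "curve25519-sha256,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256",
            "cipher", "chacha20-poly1305@openssh.com,aes256-ctr,3des-cbc",
            "hostkey", "ssh-ed25519,ecdsa-sha2-nistp256",
            "mac", "hmac-md5,hmac-sha2-512,hmac-sha2-256");
        audit(offer).forEach((category, names) -> System.out.println(
            category + ": " + (names.isEmpty() ? "NO COMMON ALGORITHM" : names)));
    }
}
```

A category reported as empty (the host key list in the constructed sample, which offers no RSA key) is where a connection from a client restricted this way would fail, so the server side needs an algorithm from the permitted set added before FIPS mode is switched on.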