Configuring Riverbed Appliances for FIPS-Compliant Cryptography
This chapter describes how to configure a Riverbed appliance to use FIPS-compliant cryptography. It includes the following sections:
•  Installing the FIPS license
•  Enabling FIPS mode
•  Verifying that your system uses FIPS-compliant encryption
•  Working with features to maintain FIPS compliance
•  Disabling FIPS mode
•  Upgrading to software with FIPS mode
You configure and manage FIPS mode through the Riverbed Command-Line Interface (CLI). This chapter assumes that you are familiar with the CLI. For detailed information about the CLI, see the Riverbed Command-Line Interface Reference Manual.
Installing the FIPS license
FIPS mode requires a FIPS license. You receive a FIPS license when you purchase the FIPS option. If you did not receive your FIPS license, contact your Riverbed Sales Representative.
To install the FIPS license
1. Connect to the CLI.
2. Enter configuration mode and add the license.
At the system prompt, enter these commands:
amnesiac > enable
amnesiac # configure terminal
amnesiac (config) # license install <license-string>
amnesiac (config) # write memory
You can enter the show licenses command to verify that you successfully installed the license on your system:
amnesiac # show licenses
Enabling FIPS mode
FIPS mode ensures the system uses only FIPS-compliant encryption algorithms.
After you install the FIPS license, you can enable FIPS mode.
Note: Before you can enable FIPS mode, you need to ensure passwords for user accounts use FIPS-compliant encryption. For details, see Account passwords.
To enable FIPS mode
1. Connect to the CLI.
2. Enter configuration mode, enable FIPS mode, and restart the system.
At the system prompt, enter these commands:
amnesiac > enable
amnesiac # configure terminal
amnesiac (config) # fips enable
You must save the configuration and reload the system to enable FIPS mode.
amnesiac (config) # write memory
amnesiac (config) # reload
Rebooting...
amnesiac (config) # 
 
Restarting the system initializes supported features with any FIPS-specific settings and data.
Verifying that your system uses FIPS-compliant encryption
You can verify that your system uses FIPS-compliant encryption by using the show fips status command from the CLI.
To verify that your system is FIPS compliant
1. Connect to the CLI.
2. Enter these commands:
amnesiac > enable
amnesiac # configure terminal
amnesiac (config) # show fips status
CMC Autoregistration: Should not be configured in FIPS mode.
Citrix Basic Encryption: Should not be configured in FIPS mode.
SMB2 Signing: May not comply with FIPS standard.
 
FIPS Mode: Enabled
The output indicates if FIPS mode is enabled and displays any warnings for features that affect FIPS compliance. If no warnings appear and FIPS mode is enabled, your system is FIPS compliant. If warnings appear, you need to make configuration changes to achieve full compliance.
Important: VSP and noncompliant SteelFusion features do not generate compliance warning messages in the SteelHead EX 3.1 and SteelFusion 2.6 releases.
You cannot review FIPS compliance from the Management Console; however, if you attempt to configure features that affect FIPS compliance through the Management Console when in FIPS mode, the web interface produces an error message warning you of the conflict.
The following section describes the features that are not FIPS compliant and how to address them.
Working with features to maintain FIPS compliance
It is the responsibility of the system administrator of the Riverbed appliance to ensure the system is FIPS compliant. Not all features can be operated in a FIPS-compliant manner; those features need to be disabled when in FIPS mode. Some features can be operated in a FIPS-compliant manner by following the noted guidance, and other features prevent you from entering FIPS mode.
The system generates a warning message if you configure noncompliant features. You can view the warning messages with the show fips status command.
Important: VSP and SteelFusion features do not generate warning messages in the EX 3.1 and SteelFusion 2.6 releases.
The following sections describe configurable features that can affect FIPS compliance and describe how to resolve the warnings. The system does not prevent you from using noncompliant features in FIPS mode, but the system does warn you that they are not FIPS compliant. (The exception is account passwords; you cannot enable FIPS mode if all account passwords do not use compliant encryption.)
Note: The commands in the following sections are configuration commands. You need to enter these commands in configuration mode in the CLI. For detailed information, see the Riverbed Command-Line Interface Reference Manual.
Account passwords
FIPS compliance requires that passwords for user accounts are encrypted using an SHA256-based or SHA512-based hash. The Mobile Controller uses SHA1 for cluster communications. You cannot enable FIPS mode if any user passwords use an MD5-based hash for encryption.
In systems with RCSM, SHA512 is the default hash when creating and updating a user password. However, previous releases used MD5 encryption, so when you upgrade to a software release supporting FIPS mode from a release with MD5-based passwords, the MD5 passwords remain in the configuration.
If you attempt to enter FIPS mode on a system with accounts that have MD5 passwords, you see the following error:
amnesiac (config) # fips enable
% User admin has a password hashed using a non-FIPS-allowed hash.
The password(s) must be changed before FIPS mode can be enabled.
The error message identifies the user accounts that need to be updated; in this example, it’s the admin account. You must update the noncompliant passwords or delete the accounts before you can enable FIPS mode. From the CLI, enter the username password command to change passwords.
Product: SteelHead CX, SteelHead EX, SteelFusion Core, SteelFusion Edge, Interceptor, Mobile Controller
Automatic licensing
Automatic licensing is not FIPS compliant.
This feature uses AES256-MD5 instead of AES256-SHA encryption for communication between the appliance and the licensing server.
•  To disable this feature, enter the following commands:
amnesiac (config) # no license autolicense enable
amnesiac (config) # no license autolicense server <server>
Enabling this feature generates a configuration warning in FIPS mode.
Product: SteelHead CX, SteelHead EX, SteelFusion Core, SteelFusion Edge, Interceptor, Mobile Controller
Blockstore
The SteelFusion Edge blockstore requires one of the following ciphers to run in FIPS mode:
•  AES_128
•  AES_192
•  AES_256
If you configure any other type of blockstore encryption, the system will not be FIPS compliant.
Product: SteelFusion Edge
Cipher requirements
You need to use this cipher string when running in FIPS mode: TLSv1.2:kRSA:!eNULL:!aNULL
This requirement impacts SSL optimization, secure peering, and the web interface security settings.
To configure the cipher
•  Enter the command web ssl cipher.
The format of the command is:
web ssl cipher TLSv1.2:kRSA:!eNULL:!aNULL
If you do not configure the required cipher string, this message appears after enabling FIPS mode or after entering the show fips status command:
Web SSL ciphers must include the elements in TLSv1.2:kRSA:!eNULL:!aNULL and may optionally delete ciphers.
This message also appears if you make any changes to the web SSL cipher.
Note: Although the cipher configuration requirement applies to all systems using the RCSM, the warning message only appears starting in SteelHead 8.6, EX 3.5, and Interceptor 4.5 software.
Product: SteelHead CX, SteelHead EX, SteelFusion Edge, Interceptor, Mobile Controller
Citrix optimization and encryption
Citrix optimization and Citrix SecureICA encryption are not FIPS compliant.
•  To disable these features, enter these commands:
amnesiac (config) # no protocol citrix enable
amnesiac (config) # no protocol citrix secure-ica enable
amnesiac (config) # write memory
Enabling these features generates a configuration warning in FIPS mode.
Product: SteelHead CX, SteelHead EX, SteelFusion Edge
SCC auto-registration
SCC auto-registration is not FIPS compliant.
•  To disable this feature, enter these commands:
amnesiac (config) # no scc enable
amnesiac (config) # no scc hostname <host>
amnesiac (config) # write memory
Enabling this feature generates a configuration warning in FIPS mode.
Product: SteelHead CX, SteelHead EX, SteelFusion Edge, Interceptor, Mobile Controller
HTTP Kerberos support
HTTP Kerberos is not FIPS compliant.
•  To disable this feature, enter these commands:
amnesiac (config) # no protocol http native-krb enable
amnesiac (config) # write memory
Enabling this feature generates a configuration warning in FIPS mode.
Product: SteelHead CX, SteelHead EX, SteelFusion Edge
IPSec
IPSec is not FIPS compliant.
•  To disable this feature, enter these commands:
amnesiac (config) # no ip security enable
amnesiac (config) # write memory
•  To verify your IPsec settings, enter the following command:
amnesiac (config) # show ip security
IP security enabled: no
PFS enabled: yes
IKE rekeying interval: 240
Encryption policy: des <<only used if IPSEC is enabled>>
Authentication policy: hmac_md5 <<only used if IPSEC is enabled>>
Enabling IPSec triggers a configuration warning in FIPS mode.
Product: SteelHead CX, SteelHead EX, SteelFusion Edge
iSCSI with CHAP
iSCSI with the Challenge-Handshake Authentication Protocol (CHAP) is not FIPS compliant. iSCSI with CHAP does not use a FIPS-compliant hash algorithm.
The system does not display a warning message if you configure or operate iSCSI with CHAP in FIPS mode.
Product: SteelFusion Core and Edge
Key size requirements
FIPS specifies three techniques for the generation and verification of digital signatures for the protection of data: the Digital Signature Algorithm (DSA), the Elliptic Curve Digital Signature Algorithm (ECDSA), and the Rivest-Shamir-Adleman (RSA) Algorithm.
FIPS includes key size requirements when running in FIPS mode. All imported and generated keys need to be these sizes:
•  RSA-based and DSA-based certificates:
–  1024 bits (Mobile Controller only)
–  2048 bits
–  3072 bits
•  ECDSA certificates:
–  224 bits and higher
These requirements apply to SSL optimization, SSL secure peering, and the web interface.
Product: SteelHead CX, SteelHead EX, SteelFusion Edge, Interceptor, Mobile Controller
SSL optimization
You need to ensure imported and generated certificates for SSL optimization adhere to FIPS size requirements and use only 1024 (for Mobile Controller), 2048, or 3072 key sizes.
To generate an SSL certificate and specify the key size
•  From the command line, enter this command:
protocol ssl server-cert name <name> generate-cert rsa key-size *
•  From the web interface, go to the SSL Main Settings page:
Choose Configure > Optimization > SSL Main Settings and click Add a New SSL Certificate. Specify a compliant key size for generated certificates.
If you specify a noncompliant key size, the system warns you but still generates the certificate.
To generate an SSL certificate and specify the key size for the Mobile Controller
•  From the command line, enter this command:
secure-peering generate-cert rsa key-size *
Product: SteelHead CX, SteelHead EX, SteelFusion Edge, Interceptor, Mobile Controller
SSL secure peering
You need to ensure imported and generated certificates for Secure Peering adhere to FIPS size requirements and use only 1024 (for Mobile Controller), 2048, or 3072 key sizes. The Mobile Controller does not support 3072-bit key sizes; only 1024-bit and 2048-bit key sizes are supported.
To generate a certificate and specify the key size for secure peering
•  From the command line, enter this command:
secure-peering generate-cert rsa key-size *
You can also import certificates with the secure-peering import-cert * and secure-peering import-cert-key * commands.
•  From the web interface, go to the Secure Peering page:
Choose Configure > Optimization > Secure Peering (SSL); this page always generates RSA-based self-signed certificates.
If you specify a noncompliant key size, the system warns you but still generates the certificate.
Product: SteelHead CX, SteelHead EX, SteelFusion Edge, Interceptor, Mobile Controller
Web user interface
You need to ensure imported and generated certificates for the web interface adhere to FIPS size requirements and use only 1024 (Mobile Controller), 2048, or 3072 key sizes. The Mobile Controller does not support 3072-bit key sizes; only 1024-bit and 2048-bit key sizes are supported.
You manage web interface certificate keys using the web ssl cert generate key-size * command in the CLI and the Configure > Security > Web Settings page in the Management Console. These methods always generate RSA-based self-signed certificates.
In addition to self-signed certificates, you can import certificates using the web ssl cert import-cert * and web ssl cert import-cert-key * commands or the Configure > Security > Web Settings page in the Management Console.
If you specify a key size that is not 1024 (Mobile Controller), 2048, or 3072 with FIPS mode enabled, the system blocks the key generation and warns that the key size is not supported in FIPS mode.
Note: Starting in v8.6.1 the key generation operation is no longer blocked. Instead, the system displays a warning message about FIPS compliance in FIPS mode.
Product: SteelHead CX, SteelHead EX, SteelFusion Edge, Interceptor, Mobile Controller
Lotus Notes encryption
Encryption for Lotus Notes v1 and v2 is not FIPS compliant.
•  To disable this feature, enter these commands:
amnesiac (config) # no protocol notes encrypt enable
amnesiac (config) # write memory
Enabling this feature triggers a configuration warning in FIPS mode and optimization is not applied.
Product: SteelHead CX, SteelHead EX, SteelFusion Edge
MAPI encrypted optimization
MAPI encrypted optimization is not FIPS compliant.
•  To disable this feature, enter these commands:
amnesiac (config) # no protocol mapi encrypted enable
amnesiac (config) # write memory
Enabling this feature triggers a configuration warning in FIPS mode and optimization is applied.
Note: In FIPS mode, both the client-side and server-side SteelHead must be running RiOS version 9.5 (or later) for optimization of MAPI encrypted connections to occur. Releases prior to 9.5 do not allow MAPI encrypted optimization in FIPS mode.
Product: SteelHead CX, SteelHead EX, SteelFusion Edge
NTP
NTP using either SHA authentication keys or no authentication keys is FIPS compliant. NTP using MD5 keys is not FIPS compliant.  
If you configure an MD5 key for NTP using this command, the system generates a warning message and the system will not be FIPS compliant:
amnesiac (config) # ntp authentication key <id> type MD5 secret <secret-password>
To verify that NTP is running in FIPS mode, examine the system log when NTPD starts (this occurs whenever the NTP configuration is modified) and ensure that the NTPD entry sets FIPS mode:
Mar 18 15:49:57 amnesiac pm[4989]: [pm.NOTICE]: Launched ntpd with pid 27617
Mar 18 15:49:57 amnesiac ntpd[27617]: ntpd 4.2.6p4@1.2324-o Thu May 17 21:31:11 UTC 2012 (1)
Mar 18 15:49:57 amnesiac ntpd[27617]: FIPS_mode_set(1)
For more information about system logs, see Viewing system logs.
Product: SteelHead CX, SteelHead EX, SteelFusion Edge, Interceptor, Mobile Controller
RADIUS and TACACS+
The RADIUS and TACACS+ protocols are not FIPS compliant. These protocols use noncompliant hash algorithms. The system displays a warning message if you configure these features in FIPS mode.
The following commands generate a configuration warning in FIPS mode:
aaa accounting per-command default tacacs+
aaa authentication [console-login | login] default [radius | tacacs+]
aaa authorization per-command default tacacs+
Product: SteelHead CX, SteelHead EX, SteelFusion Edge, Interceptor, Mobile Controller
Secure transport
Secure transport is not FIPS compliant. The secure transport client starts automatically with no manual configuration required. The SCC manages the appliances participating in a secure transport group. This secure transport group is a set of SteelHeads that share the same cryptographic key material and have connectivity between each other. The following command disables the secure transport client:
amnesiac (config) # no stp-client enable
Product: SteelHead CX, SteelHead EX, SteelFusion Edge
SMB/CIFS signing
SMB signing is not FIPS compliant. SMB signed connections are not optimized in FIPS mode. Enabling this feature triggers a configuration warning in FIPS mode and optimization is not applied.
•  To disable SMB signing on the SteelHead, enter the following commands:
amnesiac (config) # no protocol cifs smb signing enable
amnesiac (config) # write memory
•  When FIPS is enabled, these commands are disabled by default:
protocol cifs smb signing enable
protocol smb2 signing native-krb downgrade enable
no protocol cifs smbv1-mode enable
Product: SteelHead CX, SteelHead EX, SteelFusion Edge
SMB2/3 signing
SMB2/3 signing and SMB encryption may not be FIPS compliant. If the client used NTLM authentication, it is not FIPS compliant. If the client used Kerberos authentication, it is FIPS compliant and optimization is applied.
If the client used NTLM authentication, enabling this feature triggers a configuration warning in FIPS mode. Optimization is still applied.
Starting in RiOS 9.5 (or later), when the SteelHead is in FIPS mode and SMB2/3 signing is configured to use NTLM delegation mode, authentication might fail with a “KDC has no support for encryption type” error message. You must manually configure the delegate user to support AES encryption. Open Active Directory Users and Computers on the Windows domain controller. Select the Users folder. Select and open the Properties of the delegate user. From Account > Account Options, choose support for both AES 128 and AES 256 encryption.
•  To disable SMB2/3 signing on the SteelHead, enter these commands:
amnesiac (config) # no protocol smb2 signing enable
amnesiac (config) # write memory
•  When FIPS is enabled, these commands are disabled by default:
protocol smb2 signing native-krb downgrade enable
no protocol cifs smbv1-mode enable
Down negotiation from SMB2/3 to SMB is disabled.
Note: In FIPS mode, both the client-side and server-side SteelHead must be running RiOS 9.5 (or later) for optimization of SMB2/3 connections to occur. Releases prior to 9.5 do not allow SMB2/3 signing optimization in FIPS mode.
Product: SteelHead CX, SteelHead EX, SteelFusion Edge
Snapshots
Snapshots may not be FIPS compliant. The snapshot feature incorporates third-party code and compliance depends on the third-party vendor’s use of FIPS-approved ciphers.
The system does not display a warning message if you configure or operate this feature in FIPS mode.
Product: SteelFusion Core
SNMP
SNMP is FIPS compliant except when SNMP user passwords are configured with noncompliant hash algorithms. If you configure an SNMP user password with the MD5 or DES protocols using the following command, the system generates a warning message and the system will not be FIPS compliant:
snmp-server user <username> password plain-text <password> [auth-protocol MD5 priv-protocol DES priv-key plain-text <password>]
To verify that SNMP runs in FIPS mode, look for entries similar to the following in the system log when SNMP starts (this occurs whenever the SNMP configuration changes) and ensure that FIPS mode is set:
Mar 18 16:05:10 amnesiac pm[4989]: [pm.NOTICE]: Launched snmpd with pid 31709
Mar 18 16:05:10 amnesiac snmpd[31709]: FIPS_mode_set(1)
Mar 18 16:05:10 amnesiac snmpd[31709]: NET-SNMP version 5.3.1
For more information about system logs, see Viewing system logs.
Product: SteelHead CX, SteelHead EX, SteelFusion Edge, Interceptor, Mobile Controller
SSH
SSH requires the use of one of these ciphers to run in FIPS mode:
•  aes128-cbc
•  aes192-cbc
•  aes256-cbc
•  aes128-ctr
•  aes192-ctr
•  aes256-ctr
•  3des-cbc
Configuring any other ciphers displays a warning message and the system will not be FIPS compliant.
Note: The default ciphers for SSH are aes128-ctr, aes192-ctr, and aes256-ctr. These ciphers are FIPS compliant.
•  You can configure SSH ciphers with this command:
amnesiac (config) # ssh server allowed-ciphers aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr
amnesiac (config) # write memory
•  To verify your SSH settings, enter this command:
amnesiac (config) # show ssh server allowed-ciphers
SSH server allowed ciphers:
---------------------------
aes128-cbc
3des-cbc
aes192-cbc
aes256-cbc
aes128-ctr
aes192-ctr
aes256-ctr
•  To verify that SSH is running in FIPS mode, look for entries similar to the following in the syslog when a user logs in:
Mar 18 15:00:30 amnesiac sshd: FIPS_mode_set(1)
Mar 18 15:00:30 amnesiac sshd[14594]: FIPS mode initialized
Product: SteelHead CX, SteelHead EX, SteelFusion Edge, Mobile Controller
Telnet server
Telnet functionality is not FIPS compliant. Enabling this feature triggers a configuration warning in FIPS mode.
Starting with RiOS 8.6, Telnet must be disabled. If Telnet is enabled, an error message appears if you try to enable FIPS mode. If FIPS mode is enabled, the system prevents you from enabling Telnet and provides an error message.
•  To disable this feature, enter these commands:
amnesiac (config) # no telnet-server enable
amnesiac (config) # no telnet-server permit-admin
amnesiac (config) # write memory
•  To verify your settings, enter this command:
amnesiac (config) # show telnet-server
Telnet server enabled: no
Product: SteelHead CX, SteelHead EX, SteelFusion Edge, Interceptor, Mobile Controller
Virtual Services Platform
The Virtual Services Platform (VSP), available on SteelHead EX, is not FIPS compliant.
The system does not display a warning message if you configure or operate this feature in FIPS mode.
To verify VSP settings, enter the show vsp configure command.
Product: SteelHead EX
WCCP
The WCCPv2 protocol is not FIPS compliant. This protocol uses noncompliant hash algorithms. The system displays a warning message if you configure this feature in FIPS mode.
Product: SteelHead CX, SteelHead EX, SteelFusion Edge, Interceptor
Network proxy host
Network proxy host functionality for licensing is not FIPS compliant.
•  To disable this feature, enter these commands:
amnesiac (config) # no network proxy host <ip-address>
amnesiac (config) # write memory
Enabling this feature triggers a configuration warning in FIPS mode.
Product: SteelHead CX, SteelHead EX, SteelFusion Edge, Interceptor, Mobile Controller
Windows Active Directory authentication
Windows Active Directory Authentication is not FIPS compliant.
•  To disable this feature on the SteelHead or SteelFusion Edge, enter these commands:
amnesiac (config) # no protocol domain-auth delegation rule dlg-only *
amnesiac (config) # no protocol domain-auth delegation rule dlg-all-except *
amnesiac (config) # write memory
Enabling this feature triggers a configuration warning in FIPS mode and the appliance will not join the domain.
Product: SteelHead CX, SteelHead EX, SteelFusion Edge
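As an added example (not Riverbed code), the audit below runs offline over the text of a saved running configuration and the `show fips status` output described in this chapter, flagging the settings the preceding sections identify as noncompliant: the web SSL cipher string, SSH ciphers, NTP MD5 keys, SNMP MD5/DES users, RADIUS/TACACS+ and the feature-enable commands. The config line format, SAMPLE_CONFIG and SAMPLE_STATUS are constructed assumptions, not captured appliance output.

```python
"""FIPS pre-check for a Riverbed running configuration. Added example, not Riverbed code.
Assumes the config text contains the configuration commands quoted in this chapter."""
import re

REQUIRED_CIPHER_ELEMENTS = {"TLSv1.2", "kRSA", "!eNULL", "!aNULL"}   # web ssl cipher
FIPS_SSH_CIPHERS = {"aes128-cbc", "aes192-cbc", "aes256-cbc",        # ssh server allowed-ciphers
                    "aes128-ctr", "aes192-ctr", "aes256-ctr", "3des-cbc"}
NONCOMPLIANT_ENABLES = {  # enable commands this chapter says warn in FIPS mode (Telnet blocks it)
    "license autolicense enable": "automatic licensing",
    "protocol citrix enable": "Citrix optimization",
    "protocol citrix secure-ica enable": "Citrix SecureICA encryption",
    "scc enable": "SCC auto-registration",
    "protocol http native-krb enable": "HTTP Kerberos",
    "ip security enable": "IPSec",
    "protocol notes encrypt enable": "Lotus Notes encryption",
    "protocol mapi encrypted enable": "MAPI encrypted optimization",
    "protocol cifs smb signing enable": "SMB signing",
    "stp-client enable": "secure transport client",
    "telnet-server enable": "Telnet server",
}


def audit_config(config_text):
    """Return findings for one running-config text; an empty list means nothing was flagged."""
    findings, cipher_seen = [], False
    for raw in config_text.splitlines():
        line = " ".join(raw.split())                 # normalise whitespace
        if not line or line.startswith(("#", "no ")):
            continue                                 # comment, or feature already disabled
        if line in NONCOMPLIANT_ENABLES:
            findings.append(f"{NONCOMPLIANT_ENABLES[line]} enabled: '{line}'")
        elif m := re.match(r"web ssl cipher (\S+)$", line):
            cipher_seen = True
            missing = REQUIRED_CIPHER_ELEMENTS - set(m.group(1).split(":"))
            if missing:                              # extra '!...' exclusions are allowed
                findings.append(f"web ssl cipher lacks {sorted(missing)}")
        elif m := re.match(r"ssh server allowed-ciphers (\S+)$", line):
            bad = set(m.group(1).split(",")) - FIPS_SSH_CIPHERS
            if bad:
                findings.append(f"non-FIPS SSH ciphers: {sorted(bad)}")
        elif re.match(r"ntp authentication key \d+ type md5 ", line, re.I):
            findings.append(f"NTP MD5 key: '{line.split(' secret')[0]}'")   # never echo the secret
        elif line.startswith("snmp-server user ") and re.search(
                r"auth-protocol MD5|priv-protocol DES", line, re.I):
            findings.append(f"SNMP user with MD5/DES: '{line.split(' password')[0]}'")
        elif re.match(r"aaa (authentication|authorization|accounting) .*(radius|tacacs\+)", line):
            findings.append(f"RADIUS/TACACS+ in use: '{line}'")
    if not cipher_seen:
        findings.append("web ssl cipher not set to TLSv1.2:kRSA:!eNULL:!aNULL")
    return findings


def parse_fips_status(status_text):
    """Split `show fips status` output into (fips_enabled, warning_lines)."""
    lines = [l.strip() for l in status_text.splitlines() if l.strip()]
    warnings = [l for l in lines if not l.startswith("FIPS Mode:")]
    enabled = any(l.lower() == "fips mode: enabled" for l in lines)
    return enabled, warnings


def is_compliant(config_text, status_text):
    enabled, warnings = parse_fips_status(status_text)
    return enabled and not warnings and not audit_config(config_text)


SAMPLE_CONFIG = """\
# constructed sample configuration, not from a real appliance
web ssl cipher TLSv1.2:kRSA:!eNULL:!aNULL:!RC4
no telnet-server enable
protocol citrix enable
ntp authentication key 5 type MD5 secret example-secret
snmp-server user monitor password plain-text example auth-protocol MD5 priv-protocol DES
aaa authentication login default tacacs+
"""
SAMPLE_STATUS = "Citrix Basic Encryption: Should not be configured in FIPS mode.\n\nFIPS Mode: Enabled\n"
```

Running audit_config(SAMPLE_CONFIG) reports the Citrix, NTP, SNMP and TACACS+ lines, and is_compliant(SAMPLE_CONFIG, SAMPLE_STATUS) is False even though FIPS mode is enabled.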
Disabling FIPS mode
If you no longer want to use FIPS mode, you can turn off this feature.
To disable FIPS mode
1. Connect to the CLI.
2. Enter configuration mode, disable FIPS mode, and restart the system.
At the system prompt, enter these commands:
amnesiac > enable
amnesiac # configure terminal
amnesiac (config) # no fips enable
You must save the configuration and reload the system to disable FIPS mode.
amnesiac (config) # write memory
amnesiac (config) # reload
Rebooting...
amnesiac (config) # 
When you disable FIPS mode, the system is less restrictive and FIPS compliance configuration warnings no longer appear. Any configuration changes that you made while in FIPS mode (such as disabling certain features or setting specific ciphers) are not modified.
Upgrading to software with FIPS mode
With Riverbed products, you can upgrade an appliance from a software version without FIPS to a software version that includes RCSM and FIPS mode. For upgrades not using FIPS mode, follow the standard software upgrade instructions provided on the Riverbed Support site at https://support.riverbed.com.
When upgrading software, consider these factors:
•  Baseline features are supported between peers with mixed software versions. 
•  Peers must be running in FIPS mode to ensure reliable application optimization support for encrypted applications.
•  Maintain the configuration used with the oldest software version.
•  Upgrade both peers to the same version before enabling additional features.
•  Upgrade the server-side SteelHead first.
•  Data store entries might not be fully compatible between older versions of RiOS. 
•  Riverbed recommends Interceptor appliance version 3.0 or later with SteelHead appliances with FIPS mode. (Interceptor 4.5 includes FIPS mode support.)
When upgrading the Mobile Controller, consider the following:
•  Before enabling FIPS on the Mobile Controller, ensure that all client endpoints connecting to the Mobile Controller are upgraded to Mobile Client Software 4.6. After enabling FIPS on the Mobile Controller, the associated endpoints running pre-4.6 Mobile Client software silently ignore package upgrades due to hash mismatches. Therefore, Riverbed recommends that after upgrading the Mobile Controller to 4.6, allow the Mobile Controller to run in non-FIPS mode until all the endpoints are auto-upgraded by the Mobile Controller.
•  In case there are client endpoints that are not auto-upgraded in the previous step, Riverbed recommends that the administrator download the SteelHead Mobile desktop package from the Mobile Controller and save it to the company infrastructure (for example to a CIFS share). The administrator can then manually distribute the package and upgrade the client endpoints to the v4.6 release.
•  Pre-v4.6 client endpoints associated with a Mobile Controller in FIPS mode experience an appliance restart on every connect to the Mobile Controller or on every policy update.
•  You can sort on version in the endpoint report to verify if all connected client endpoints are upgraded to v4.6. See the SteelCentral Controller for SteelHead Mobile User’s Guide for information about how to customize and view endpoint client reports.