FIPS, or Federal Information Processing Standard, is a computer security standard established by the US government. Aspera transfer servers (Enterprise Server, Connect Server, P2P) work as expected when FIPS mode is enabled.
To transfer properly with FIPS mode enabled, make the following configuration changes.
1. Configure your transfer server for FIPS compliance
You can accomplish this either through the transfer server UI or on the command line.
In the UI, click the Configuration button. Go to the Authorization tab and scroll to the Do encrypted transfers in FIPS 140-2-certified encryption mode setting. Select Override, then change the value to true.
Alternatively, you can configure FIPS compliance on the command line.
To apply FIPS compliance for all transfers, run the following command:
asconfigurator -x "set_node_data;transfer_encryption_fips_mode,true"
To apply FIPS compliance for a specific user, run the following command:
asconfigurator -x "set_user_data;user_name,
2. Ensure your sshd_config file is configured correctly
To be FIPS compliant, your sshd_config file should contain only ciphers and MACs from the following list:
You can check your sshd_config file here:
C:\Program Files (x86)\Aspera\Enterprise Server\etc\sshd_config
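One way to run the check in this step, as an added example that is not from the original article or from Aspera: a Python function that reads sshd_config text and reports Ciphers and MACs entries outside an approved list, including the case where a directive is missing and sshd uses its defaults. The allow-list and sample config below are constructed placeholders; substitute the approved list from your Aspera documentation.

```python
import re

def audit_sshd_config(text, allowed):
    """Return findings for the Ciphers and MACs directives in sshd_config text.

    allowed: {"ciphers": set_of_names, "macs": set_of_names}, supplied by the caller.
    An empty result means both directives are set and list only allowed names.
    """
    seen = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()            # drop comments and blanks
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # "Key value" or "Key=value"
        if len(parts) == 2:
            # Keywords are case-insensitive; sshd uses the first value it reads.
            seen.setdefault(parts[0].lower(), parts[1].strip())

    findings = []
    for key in ("ciphers", "macs"):
        value = seen.get(key)
        if value is None:
            findings.append(f"{key}: not set, sshd falls back to its built-in defaults")
        elif value[0] in "+-^":
            findings.append(f"{key}: '{value[0]}' prefix edits the default set instead of replacing it")
        else:
            for name in (n.strip() for n in value.split(",")):
                if name and name not in allowed[key]:
                    findings.append(f"{key}: {name} is not in the approved list")
    return findings

# Constructed placeholder allow-list: replace with the list from your Aspera documentation.
SAMPLE_ALLOWED = {
    "ciphers": {"aes128-ctr", "aes256-ctr"},
    "macs": {"hmac-sha2-256"},
}

# Constructed sample config, not taken from a real server.
SAMPLE_CONFIG = """\
# sample sshd_config
Port 22
Ciphers aes128-ctr,arcfour,aes256-ctr
ciphers aes128-ctr
#MACs hmac-sha2-256
"""

if __name__ == "__main__":
    for finding in audit_sshd_config(SAMPLE_CONFIG, SAMPLE_ALLOWED):
        print(finding)
```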
3. (for transfer servers version 3.6.0 and below) Ensure a compatible resume option is configured
The transfer resume option configures what to check in a file before resuming interrupted transfers.
To be FIPS compliant, your resume option must be set to one of the following:
0: The default value, where files are always retransferred in their entirety
1: Where file attributes are matched before resuming the transfer at its stoppage point
The resume option is set with the -k option in ascp:
# ascp -k 1 ...
In a future release of Aspera transfer servers, the other resume options (which perform checksums) will use FIPS-supported algorithms and thus be available to use with FIPS mode enabled.