Use this procedure to require all connections to use FIPS (Federal Information Processing Standards) mode. When FIPS mode is enabled, all connections are made using security protocols and algorithms that meet FIPS 140-2 standards. In this mode, some standard connection options are not available. To successfully connect in FIPS mode, your server must support "high-encryption" capabilities.
FIPS mode allows the following security configurations:
SSL/TLS connections using 3DES (168-bit) or AES (128-bit) encryption and SHA-1 hash
Secure Shell connections using 3DES (168-bit) or AES (128, 192, or 256-bit) encryption and SHA-1 hash
This procedure requires that you first install the administrative template for Extra!. See Administer Features using Windows Group Policy.
To enable FIPS mode via Group Policy
From the command line, run Gpedit.msc.
In Windows Group Policy, under, expand .
Expandand , and then double-click .
Double-click “Require all connections to use FIPS mode”.
In the dialog box that opens, select, and then click .
Close Group Policy.
Existing sessions that are configured for FIPS mode will continue to work as expected. Existing sessions that aren't configured for FIPS mode will fail to connect. (An error message will appear in the Extra! status log.) When these session files are modified, the connection editor will automatically switch the security type to FIPS mode.
Any new sessions that are created will be limited to connections that support FIPS mode.