ssl-nist-compliance
Use the ssl-nist-compliance stanza entry in the [rtss-cluster:<cluster>] stanza to enable or disable NIST SP800-131A compliance for runtime security services SOAP communication.
ssl-nist-compliance = {yes|no}
Description
Enable or disable NIST SP800-131A compliance for runtime security services SOAP communication.
Enabling NIST SP800-131A compliance results in the following automatic configuration:
- Enables FIPS mode processing. When NIST SP800-131A compliance is enabled, FIPS mode processing is enabled regardless of the setting for the [rtss-cluster:<cluster>] ssl-fips-enabled configuration entry.
- Enables TLS v1.2. TLS v1 and TLS v1.1 are not disabled.
- Enables the appropriate signature algorithms.
- Sets the minimum RSA key size to 2048 bytes.
If this ssl-nist-compliance configuration entry is not present, WebSEAL uses the global nist-compliance setting in the [ssl] stanza.
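The fallback to the [ssl] stanza and the FIPS override described above can be audited across a configuration file. The following Python script is an added example, not part of the product or its documentation. It assumes the [stanza] and key = value file layout shown on this page, uses a constructed sample file, and assumes that an absent global nist-compliance entry means no.

```python
SAMPLE_CONF = """\
# Constructed sample, not a real WebSEAL configuration file.
[ssl]
nist-compliance = yes
[rtss-cluster:cluster1]
ssl-fips-enabled = no
[rtss-cluster:cluster2]
ssl-nist-compliance = no
ssl-fips-enabled = yes
[rtss-cluster:cluster3]
ssl-nist-compliance = yes
ssl-fips-enabled = no
"""

def parse_stanzas(text):
    """Group 'key = value' entries under their [stanza] header; last value wins."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = stanzas.setdefault(line[1:-1].strip(), {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip().lower()
    return stanzas

def effective_nist(text):
    """Return {cluster: {"nist": bool, "source": str, "fips_overridden": bool}}."""
    stanzas = parse_stanzas(text)
    # Assumption: an absent global [ssl] nist-compliance entry counts as "no".
    global_value = stanzas.get("ssl", {}).get("nist-compliance", "no")
    report = {}
    for name, entries in stanzas.items():
        if name.startswith("rtss-cluster:"):
            local = entries.get("ssl-nist-compliance")
            nist = (local if local is not None else global_value) == "yes"
            report[name.split(":", 1)[1]] = {
                "nist": nist,
                "source": "cluster" if local is not None else "global [ssl]",
                # NIST mode enables FIPS processing regardless of ssl-fips-enabled.
                "fips_overridden": nist and entries.get("ssl-fips-enabled") == "no",
            }
    return report

if __name__ == "__main__":
    for cluster, info in effective_nist(SAMPLE_CONF).items():
        print(cluster, info)
```

A cluster reported with `nist` false and `source` set to `cluster` has explicitly opted out of a compliant global setting, which is the case most worth reviewing.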
Options
yes
A value of yes enables NIST SP800-131A compliance.
no
A value of no disables NIST SP800-131A compliance.
Usage: Optional
Default: no
Example:
ssl-nist-compliance = no