What is FIPS 140?
FIPS 140 (Federal Information Processing Standard 140) is a U.S. government security standard that defines
requirements for cryptographic modules used to protect sensitive information. It is published by NIST
(National Institute of Standards and Technology) and is required for U.S. federal agencies and widely adopted
in regulated industries (healthcare, finance, defense).
What is the difference between FIPS 140-2 and FIPS 140-3?
| Area | FIPS 140-2 | FIPS 140-3 |
| --- | --- | --- |
| Published | 2001 | 2019 (effective 2022) |
| Based on | NIST-proprietary | ISO/IEC 19790 (internationally aligned) |
| SHA-1 | Allowed in most contexts | Disallowed for digital signatures |
| 3DES | Allowed | Disallowed |
| MD5 | Allowed | Disallowed |
| ED25519/ED448 | No restriction | Disallowed in FIPS mode |
| Minimum RSA key size | 1024-bit (legacy) | 2048-bit required |
| Side-channel resistance | Not required | Required (power/timing attack mitigations) |
| Self-test requirements | Basic | Expanded pre-operational and conditional tests |
| Algorithm agility | Module-level | Provider-level (more flexible) |
Summary: FIPS 140-3 is stricter, eliminates weaker/legacy algorithms, aligns with international standards, and requires stronger cryptographic implementations overall.
Why did Cerberus migrate from FIPS 140-2 to FIPS 140-3?
1. FIPS 140-2 is being sunset.
NIST stopped accepting new FIPS 140-2 validations in September 2021. Existing certificates expire September 2026. After that, FIPS 140-2 will no longer be a valid compliance standard.
2. OpenSSL 3.x.
Cerberus upgraded to OpenSSL 3.x, which uses a FIPS provider model validated against FIPS 140-3. There is no FIPS 140-2 module for OpenSSL 3.x — FIPS 140-3 is the only option going forward.
Does FIPS 140-3 provide stronger security than FIPS 140-2?
Yes, FIPS 140-3 does provide stronger security than FIPS 140-2. Here are the key improvements:
- Eliminates weak algorithms: SHA-1 signatures, 3DES, MD5, and small RSA keys are no longer allowed
- Stronger key exchange: curve25519 and legacy DH groups are replaced by NIST P-curves and strong DH groups
- Side-channel mitigations: implementations must resist timing and power analysis attacks
- Stricter self-tests: the cryptographic module must pass more rigorous integrity and operational tests on startup
Cerberus-Specific Questions
What changed in Cerberus when FIPS 140-3 mode is enabled?
Algorithms removed (no longer allowed in FIPS mode):
| Category | Removed Algorithms |
| --- | --- |
| SSH Key Exchange | curve25519, curve448, diffie-hellman-group14-sha1, dh-group-exchange-sha1 |
| SSH/SFTP Ciphers | 3DES-CBC |
| SSH MACs | HMAC-SHA1, HMAC-SHA1-96 |
| SSH Host Key Algorithms | ssh-rsa (SHA-1 signing) |
| Key Types | ED25519, ED448 (SSH keys, TLS certificates, SFTP uploads) |
| Hashing | MD5 (FTP HASH command, SFTP checksum) |
Algorithms approved and enforced in FIPS mode:
| Category | Approved Algorithms |
| --- | --- |
| SSH Key Exchange | ECDH-SHA2 (P-256/P-384/P-521), DH-group16-sha512, DH-group18-sha512, DH-group-exchange-sha2 |
| SSH/SFTP Ciphers | AES-256-GCM, AES-128-GCM, AES-256-CTR, AES-192-CTR, AES-128-CTR |
| SSH MACs | HMAC-SHA2-256, HMAC-SHA2-512, HMAC-SHA2-256-ETM, HMAC-SHA2-512-ETM |
| SSH Host Key Algorithms | rsa-sha2-256, rsa-sha2-512, ecdsa-sha2-nistp256/384/521 |
| TLS 1.3 Ciphers | TLS_AES_256_GCM_SHA384, TLS_AES_128_GCM_SHA256 |
| Key Types | RSA 2048+, ECDSA (P-256/P-384/P-521) |
| Hashing | SHA-256, SHA-512 |
Will my existing FIPS 140-2 configuration carry over after upgrading?
Yes. Cerberus automatically migrates your FIPS setting during upgrade. If FIPS 140-2 was enabled before the upgrade, FIPS 140-3 mode will be enabled automatically — no manual reconfiguration required.
Do I need to do anything after upgrading to keep FIPS compliance?
You may need to review client configurations. If any SFTP/FTPS clients connecting to Cerberus were using algorithms that are no longer allowed (e.g., 3DES, HMAC-SHA1, ED25519 keys, ssh-rsa), those clients will need to be updated to use FIPS-approved algorithms. Cerberus will reject connections that negotiate non-approved algorithms when FIPS mode is active.
My SFTP client can no longer connect after upgrading. What should I check?
When FIPS mode is enabled, connections using any of the following will be rejected:
- Key exchange: curve25519-sha256, diffie-hellman-group14-sha1
- Ciphers: 3des-cbc
- MACs: hmac-sha1, hmac-sha1-96
- Host key algorithms: ssh-rsa (SHA-1)
- Client authentication keys: ED25519 or ED448 type
Resolution: Update the client to use AES ciphers, HMAC-SHA2 MACs, ECDSA or RSA-SHA2 host key verification, and RSA 2048+ or ECDSA P-curve authentication keys.
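One way to find which of these a client trips over, as an added example (not Cerberus code): parse the client's half of the KEXINIT proposal from OpenSSH `ssh -vv` debug output and compare it with the approved table. The SSH wire names mapped to the table's labels, the function names and the sample log are assumptions made for this example.

```python
import re

# Assumed SSH wire names for the labels in the approved-algorithms table.
APPROVED = {
    "kex": {"ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521",
            "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512",
            "diffie-hellman-group-exchange-sha256"},
    "hostkey": {"rsa-sha2-256", "rsa-sha2-512", "ecdsa-sha2-nistp256",
                "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"},
    "cipher": {"aes256-gcm@openssh.com", "aes128-gcm@openssh.com",
               "aes256-ctr", "aes192-ctr", "aes128-ctr"},
    "mac": {"hmac-sha2-256", "hmac-sha2-512",
            "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com"},
}
FIELDS = {"KEX algorithms": "kex", "host key algorithms": "hostkey",
          "ciphers ctos": "cipher", "MACs ctos": "mac"}
# Extension markers that appear in the KEX list but are not key exchanges.
MARKERS = re.compile(r"^(ext-info-[cs]|kex-strict-[cs]-v\d+@openssh\.com)$")

def audit_client_proposal(debug_log):
    """Split the algorithms the client offers into usable and rejected."""
    report, in_client = {}, False
    for line in debug_log.splitlines():
        if "KEXINIT proposal" in line:
            in_client = "local client" in line  # skip the server's half
        m = re.match(r"debug2: ([^:]+): (.*)", line.strip())
        if not (in_client and m and (cat := FIELDS.get(m.group(1)))):
            continue
        offered = [a for a in m.group(2).split(",") if a and not MARKERS.match(a)]
        report[cat] = {"usable": [a for a in offered if a in APPROVED[cat]],
                       "rejected": [a for a in offered if a not in APPROVED[cat]]}
    return report

def blocking_categories(report):
    """Categories in which the client offers nothing FIPS mode accepts."""
    return sorted(c for c in FIELDS.values() if not report.get(c, {}).get("usable"))

# Constructed sample: `ssh -vv` lines from a hypothetical legacy client.
SAMPLE = """\
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ext-info-c
debug2: host key algorithms: ssh-ed25519,ssh-rsa
debug2: ciphers ctos: 3des-cbc,aes256-ctr
debug2: MACs ctos: hmac-sha1,hmac-sha1-96
debug2: peer server KEXINIT proposal
debug2: MACs ctos: hmac-sha2-256
"""
if __name__ == "__main__":
    report = audit_client_proposal(SAMPLE)
    print(report, "| nothing approved offered for:", blocking_categories(report))
```

Client authentication key types (the ED25519/ED448 item above) are not part of the KEXINIT proposal, so check those separately.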
Does Cerberus still support TLS 1.2 in FIPS 140-3 mode?
Yes, TLS 1.2 is supported in FIPS mode, but only with FIPS-approved cipher suites (AES-based, SHA-2 MACs). TLS 1.3 is also supported and recommended, as its cipher suite list is inherently FIPS-compliant.
Where can I enable or disable FIPS 140-3 mode in Cerberus?
FIPS mode is toggled in the Cerberus GUI or Web Administration under Server Manager > Security tab > General > Enable FIPS 140-3. It requires a restart of the Cerberus FTP Server Windows Service to take effect.
Is FIPS 140-3 required for U.S. federal compliance?
For U.S. federal agencies and contractors subject to FISMA, FedRAMP, or DoD requirements: FIPS 140-3 is the current valid standard. FIPS 140-2 certificates will remain technically valid until September 2026, but new procurements and certifications now require 140-3. For other regulated industries (HIPAA, PCI-DSS, finance): FIPS 140-3 is accepted and in many cases preferred or required by updated compliance frameworks. Check with your compliance officer for specifics.