You can install the FIPS 140-2 Module via a Security Patch.
After the FIPS 140-2 patch is installed, you can turn it on from the Settings > Configuration > General tab.
Turning on this setting restarts OpenVPN services and causes your VPN clients to disconnect and then reconnect to the gateways.
The FIPS 140-2 approved crypto functions are described in this Security Policy PDF. According to this document, the following algorithms that Aviatrix supports are FIPS 140-2 compliant:

| IPsec Algorithms | Value |
|---|---|
| Phase 1 Authentication | SHA-1, SHA-512, SHA-384, SHA-256 |
| Phase 1 DH Groups | 2, 1, 5, 14, 15, 16, 17, 18 |
| Phase 1 Encryption | AES-256-CBC, AES-192-CBC, AES-128-CBC, 3DES |
| Phase 2 Authentication | HMAC-SHA-1, HMAC-SHA-512, HMAC-SHA-384, HMAC-SHA-256 |
| Phase 2 DH Groups | 2, 1, 5, 14, 15, 16, 17, 18 |
| Phase 2 Encryption | AES-256-CBC, AES-192-CBC, AES-128-CBC, AES-128-GCM-64, AES-128-GCM-96, AES-128-GCM-128, 3DES |

The SSL VPN encryption algorithm set on the server is AES-256-CBC. For OpenVPN clients running version 2.3 or lower, the negotiated algorithm is AES-256-CBC. For OpenVPN clients running 2.4 or greater, the negotiated algorithm is AES-256-GCM due to NCP (Negotiable Crypto Parameters).
The SSL VPN authentication algorithm is SHA512.
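
To confirm which data-channel cipher each client actually negotiated, you can audit the OpenVPN server log. The script below is an added example, not Aviatrix code: it assumes stock OpenVPN "Data Channel ... Cipher '...' initialized" log lines, and the sample lines, user names and addresses are constructed.

```python
import re
from collections import defaultdict

# Ciphers this page says an SSL VPN session can end up with.
EXPECTED = {"AES-256-CBC", "AES-256-GCM"}

# Assumed line shape (stock OpenVPN server logging):
#   <timestamp> <user>/<ip>:<port> <...> Data Channel<...>: Cipher '<name>' initialized ...
CIPHER_RE = re.compile(
    r"(?P<peer>\S+/\d{1,3}(?:\.\d{1,3}){3}:\d+) .*Data Channel[^:]*: "
    r"Cipher '(?P<cipher>[A-Za-z0-9-]+)' initialized"
)

# Constructed sample log lines (not taken from a real gateway).
SAMPLE_LOG = """\
2024-01-10 09:00:01 alice/198.51.100.7:51820 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2024-01-10 09:00:01 alice/198.51.100.7:51820 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2024-01-10 09:02:13 bob/203.0.113.20:40112 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
2024-01-10 09:02:13 bob/203.0.113.20:40112 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
2024-01-10 09:05:44 carol/192.0.2.33:61001 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
2024-01-10 09:06:00 carol/192.0.2.33:61001 TLS: soft reset sec=0 bytes=0/-1 pkts=0/-1
"""


def audit(log_text):
    """Return ({peer: ciphers seen}, {peer: ciphers outside EXPECTED})."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = CIPHER_RE.search(line)
        if m:
            seen[m["peer"]].add(m["cipher"].upper())
    # Keep only peers that used at least one cipher outside the expected set.
    unexpected = {p: c - EXPECTED for p, c in seen.items() if c - EXPECTED}
    return dict(seen), unexpected


if __name__ == "__main__":
    seen, unexpected = audit(SAMPLE_LOG)
    for peer, ciphers in sorted(seen.items()):
        status = "UNEXPECTED" if peer in unexpected else "ok"
        print(f"{peer:28} {','.join(sorted(ciphers)):12} {status}")
```

A peer reported with AES-256-CBC is consistent with a 2.3-or-lower client; any cipher outside the two listed on this page warrants a look at that client's configuration.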