HTTPS

The following HTTPS operations are affected in the FIPS approved mode:

• The web-management https command is maintained and offers equivalent functionality to the disabled web-management http command. Note that in addition to port 443, port 280 is also open for access by HP ProCurve Manager. You can disable this port using the no web-management hp-top-tools command.
• The web-management allow-no-password command is disabled.
• The ip ssl certificate-data-file tftp command is disabled when TFTP operation is disabled in FIPS mode. SCP supports functionality of the command. Refer to SCP.
• The ip ssl private-key-file tftp command is disabled when TFTP operation is disabled in FIPS mode. SCP supports the functionality of this command. Refer to SCP.
• SSL version 3 and earlier versions are disabled and TLS 1.1 or later versions are enabled.
• RC4 in TLS is disabled.
• RSA (PKCS #1 v2.1), or ECDSA (ANSI X9.62) for signature generation and verification.