Cryptographic algorithms in FIPS mode

The device in FIPS mode supports the following FIPS 140-2-approved cryptographic algorithms:

• Cryptographic Algorithms on the Management module
• Cryptographic Algorithms on the Extreme NetIron CER devices
• Cryptographic Algorithms on the BR-MLX-10GX4-IPSEC-M module
• Cryptographic Algorithms on the BR-MLX-10GX20-M and BR-MLX-10GX20-X2 modules

Allowed exceptions include:

• RSA Key Wrapping
• Message Digest 5 (MD5)
• Hash Message Authentication Codes - Message Digest 5 (HMAC-MD5) as used in RADIUS
• Non-Deterministic Random Number Generator (NDRNG)

The device in FIPS mode does not support the following cryptographic algorithms:

• DES
• 3-DES
• RSA 1024-bit key size
• SSH key exchange algorithm (diffie-hellman-group1-sha1)
• SNMPv1
• SNMPv2C
• SNMPv3 in noAuthNoPriv and authNoPriv security mode
• HMAC-SHA1-96