SP800-131a in Transition Mode
SP800-131a is implemented in 2 modes, transition vs. strict mode. With SP800-131a Transition mode, the follow is recommended by is not enforced by SecurePlus:
- FIPS mode must be enabled - DES and RC2 cipher algorithms are disabled.
- MD5 signature algorithms are disabled.
- RSA and DSA certificates with key length less than 1024-bits are disabled.
- Support for TLSV1.2 is enabled.
- TLSV1.3 is allowed. SSL, TLSV1.0 and TLSV1.1 are allowed but will be removed in a future release. SSL, TLSV1.0 and TLSV1.1 should be disabled.
- Non-compliant TLS cipher suites are disabled.