SP800-131a in Strict Mode

SP800-131a Strict mode enforces the following restrictions. If any parameter falls outside them, the SSL/TLS handshake will fail:
  • FIPS mode must be enabled; the DES, RC2 and two-key Triple DES cipher algorithms are disabled
  • MD5 and SHA1 signature algorithms are disabled
  • RSA and DSA certificates with a key length of less than 2048 bits are disabled
  • EC certificates with a key length of less than 224 bits are disabled
  • Protocol must be TLSV1.2
  • TLSV1.3 is disabled. SSL, TLSV1.0 and TLSV1.1 are also disabled and, with the release of version 6.3, these three protocols are no longer available for selection
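
One way to find the connections that will stop working before strict mode is switched on is to audit each connection profile against the restrictions listed above. This Python code is an added example, not the product's own code; the profile field names, the cipher labels and the sample inventory are constructed for illustration.

```python
# Added example: audit connection profiles against the strict-mode rules above.
# Field names, cipher labels and the sample inventory are constructed.

MIN_KEY_BITS = {"RSA": 2048, "DSA": 2048, "EC": 224}
DISABLED_SIG_HASHES = {"MD5", "SHA1"}
DISABLED_CIPHER_ALGS = {"DES", "RC2", "3DES-2KEY"}  # assumed labels
REQUIRED_PROTOCOL = "TLSV1.2"


def strict_mode_violations(profile):
    """Return the reasons this profile's handshake would fail in strict mode."""
    problems = []
    if not profile.get("fips_mode", False):
        problems.append("FIPS mode is not enabled")
    proto = str(profile.get("protocol", "")).upper()
    if proto != REQUIRED_PROTOCOL:
        problems.append(f"protocol {proto or 'unset'} is not {REQUIRED_PROTOCOL}")
    cipher = str(profile.get("cipher_alg", "")).upper()
    if cipher in DISABLED_CIPHER_ALGS:
        problems.append(f"cipher algorithm {cipher} is disabled")
    sig = str(profile.get("sig_hash", "")).upper().replace("-", "")
    if sig in DISABLED_SIG_HASHES:
        problems.append(f"signature algorithm {sig} is disabled")
    key_type = str(profile.get("key_type", "")).upper()
    minimum = MIN_KEY_BITS.get(key_type)
    bits = int(profile.get("key_bits", 0))
    if minimum is None:  # not covered by the listed rules, so flag for review
        problems.append(f"key type {key_type or 'unset'} is not covered; review manually")
    elif bits < minimum:
        problems.append(f"{key_type} key of {bits} bits is below {minimum}")
    return problems


def audit(inventory):
    """Map each non-compliant profile name to its list of violations."""
    checked = {n: strict_mode_violations(p) for n, p in inventory.items()}
    return {n: v for n, v in checked.items() if v}


SAMPLE_INVENTORY = {  # constructed sample data
    "partner-a": {"fips_mode": True, "protocol": "TLSv1.2", "cipher_alg": "AES", "sig_hash": "SHA256", "key_type": "RSA", "key_bits": 2048},
    "partner-b": {"fips_mode": True, "protocol": "TLSv1.1", "cipher_alg": "3DES-2KEY", "sig_hash": "SHA-1", "key_type": "RSA", "key_bits": 1024},
    "partner-c": {"fips_mode": True, "protocol": "TLSv1.3", "cipher_alg": "AES", "sig_hash": "SHA384", "key_type": "EC", "key_bits": 256},
    "partner-d": {"fips_mode": True, "protocol": "TLSv1.2", "cipher_alg": "AES", "sig_hash": "SHA256", "key_type": "EC", "key_bits": 224},
}

if __name__ == "__main__":
    for name, problems in audit(SAMPLE_INVENTORY).items():
        print(name, "->", "; ".join(problems))
```

Note that a TLSV1.3-only profile is reported as non-compliant, and that keys of exactly 2048 bits (RSA, DSA) or 224 bits (EC) pass.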