Fips Mode; Fips Mode For Media Encryption With Srtp; Configuring Fips Mode On The Phone - Konftel 800 Installation & Administration

SETTINGS CONFIGURATION AND MANAGEMENT

FIPS MODE

Konftel 800 supports a specific FIPS mode to make the encryption and
cryptographic functions compliant with Federal Information Processing Standards
(FIPS). When you enable FIPS mode, the phone employs approved key exchange
algorithms, cryptographic algorithms and authentication techniques to meet the
FIPS 140-2 requirements.
When Konftel 800 needs cryptographically secure numbers, it uses random
number generator functions from FIPS 140-x compliant cryptographic libraries. A
specific FIPS approved random number generator renders cryptographic number
initialization vectors.
With FIPS mode enabled, the device management with HTTPS server occurs
using the SSL encryption method.
By default, FIPS mode is disabled.
If you configure the phone to allow legacy encryption, you cannot enable FIPS
mode. You will see a popup message: FIPS mode cannot be enabled
while Allow Legacy Encryption is enabled.
If you configure the phone to use 802.1x with EAP MD5, you cannot enable
FIPS mode. The phone warns you with a message: FIPS mode cannot be
enabled while 802.1x with EAP MD5 is enabled.
Related concepts
Standard encryption for 802.1x
Legacy encryption mode

FIPS mode for media encryption with SRTP

When the key exchange for media encryption with SRTP occurs with FIPS mode
enabled, Konftel 800 supports only one mandatory crypto
AES_256_CM_HMAC_SHA1_80.
The conference phone supports only the same mandatory crypto
AES_256_CM_HMAC_SHA1_80 when both
are disabled.
Encryption
When the administrator disables
, Konftel 800 supports only AES_CM_128_HMAC_SHA1_80 for media
Encryption
encryption with SRTP.

Configuring FIPS mode on the phone

Use this procedure to configure FIPS mode of your Konftel 800 on the phone.
on page 78
on page 81
FIPS Mode
FIPS Mode
83
and
Allow Legacy
and enables
Allow Legacy