HP Onboard Administrator User Manual

Introduction 23

NOTE:

When running a version of Onboard Administrator firmware earlier than version 3.70

with Strong Encryption mode enabled, if you update the firmware to version 3.70 or later, an

entry might be logged to the Onboard Administrator syslog indicating that the Onboard
Administrator is operating in FIPS Mode. This syslog entry ("FIPS: OA is operating in FIPS

Mode On") is incorrect and can be ignored.

FIPS Mode and Encryption settings

OA 3.60
Encryption

Normal

OA 3.60
Encryption

Strong

OA 3.70
FIPS

Mode

OFF

OA 3.70
FIPS Mode

ON

OA 4.11
OA 4.20
FIPS Mode

ON

OA 4.11
OA 4.20
FIPS Mode

OFF

General Security Items

CSPs Zeroization

NO

NO

NO

YES

YES

NO

Known Answer Tests
(KATs)

NO

NO

NO

YES

YES

NO

Power-up tests

NO

NO

NO

YES

YES

YES

Continuous PRNG testing NO

NO

NO

YES

YES

YES

Minimum Password
Length required

3

3

3

8

8

3

Require Password

Complexity (upper, lower,

symbols)

NO

NO

NO

YES

YES

NO

FIPS compatible PRNG
(X9.31)

NO

NO

YES

YES

YES

YES

Telnet service disabled

NO

NO

NO

1

YES

YES

NO

1

Enclosure IP Mode
disabled

NO

NO

NO

YES

YES

NO

Support Dump disabled

NO

NO

NO

YES

YES

NO

SNMPv1 and SNMPv2

services disabled

NO

NO

NO

YES

YES

NO

Partition Integrity
Checking

NO

NO

YES

YES

YES

YES

Requires Insight Display
LCD PIN

NO

NO

NO

YES

YES

NO

SSL Encryption

Default SSL Key Size

2048

2048

2048

2048

2048

2048

Default self-signed

certificate Hash Signature
algorithm

SHA1

SHA1

SHA256

SHA256

SHA256

SHA256

Configurable SSL hash

signature algorithms on
self signed certificate

NO

NO

YES

YES

YES

YES

SSL Protocols

SSLv3
TLSv1

SSLv3
TLSv1

SSLv3
TLSv1

TLSv1

TLSv1
TLSv1.1

TLSv1.2

SSLv3
TLSv1

TLSv1.1

TLSv1.2

Reject Certificates with
non FIPS Hash Signature

Algorithms

2

NO

NO

NO

YES

YES

NO