Not applicable
940 views

Framework Manager SHA2 Signature Algorithm Support

We were told that the current PAM v3.2 & v3.5 use SHA1 Signature Algorithm in communication between Framework Manager & Agent.

As SHA1 signature algorithm is being classified as a weak hash algorithm, we would like to use SHA256 or stronger algorithm in the communication between Framework Manager & Agent. We would like to know if we can generate & sign SHA256 or stronger algorithm & import into the Framework Manager & Agent.
0 Likes
1 Reply
rsudipta Absent Member.
Absent Member.

Re: Framework Manager SHA2 Signature Algorithm Support

We are adding FIPS support in PAM 3.6, which among other things, will improve the Signing Algorithm to SHA256. The FIPS mode will be off by default and you can enable it if you require. When you upgrade your Framework Manager to 3.6, you have to wait for your agents to go for re-registration (that happens in every 2 days by default). While re-registering, agents will learn about the FIPS mode and auto-renew their certificates and will be signed using SHA256 for PAM communication via port 29120.

For fresh installation (PAM 3.6), after you install your primary PAM Manager, you have to enable your FIPS mode before you go for your agent deployment and licensing. In such case, your hosts will renew their certificates for PAM communication via port 29120 and they will automatically be signed using SHA256.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.