I suspect the LDAP server you are trying to connect to is offering or preferring non-FIPS algorithms. Here are some things you can check:
- Verify the ciphers configured in the ProxySG ssl-device-profile are available on the LDAP server you are connecting to. If the LDAP/S server is not running in FIPS mode, you may have to manually edit its cipher list to make sure the two parties can agree on ciphers.
- Verify the CCL assigned to your ProxySG ssl-device-profile trusts the certificate chain of the LDAP/S server.
If you can't find the problem in these settings, post some more details about your environment so we can look for other possible problems.
------------------------------
Harry
------------------------------
Original Message:
Sent: Oct 10, 2023 09:52 AM
From: Charles Frederick
Subject: ProxySG FIPS mode and LDAPS
I am having an issue trying to add an LDAP realm. The ProxySG is running in FIPS mode and it keeps throwing an error "% Unable to use requested ssl-device-profile: Requested setting invalid in FIPS mode". I do not see how the ssl-device-profile is not FIPS compliant. Currently running version ProxySG 7.4.1.1. Any assistance would be greatly appreciated.