Mark Regan wrote:
>Does FileZilla support a FIPS 140-2 connection to IBM's SFTP Server (OpenSSH)?

I don't think that quite makes sense, Mark. There is no "FIPS connection". A 
given cryptographic module is or is not FIPS certified. So a more meaningful 
question might be, "Does FileZilla have FIPS 140-2 (now 140-3, btw) 
certification, and if so, at what level?" The same would apply to IBM SFTP.

Note that FIPS certification is quite weird, in that it can apply to specific 
pieces of a solution, like "the code that does the actual crypto", but not 
necessarily to the whole solution. Also note that most companies don't run 
anything in FIPS mode, because it typically results in a crippled product, 
where you can't do the things you actually need to do. An example might be that 
if FileZilla has FIPS certification, that doesn't mean anything if the other 
end of the connection is not also FIPS certified.

FIPS certification typically costs well over $100K, so I'd be surprised if 
FileZilla had it. OpenSSL has FIPS versions, but barely, and only because it's 
so widely used, I expect.


----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
