Additionally, the National Security Agency is pushing a new cipher requirement standard known as Suite B. It calls for many FIPS 140-2 ciphers, but it adds a few of its own (such as Elliptical Curve Cryptography) and specifies minimum key sizes. Windows Vista and Windows Server 2008 and later support Suite B ciphers. I’m not sure what distributions of Linux and other operating systems support Suite B, but it can be inquired of each OS vendor.

Certified and compliant
There is a common confusion point between FIPS certified and FIPS compliant. Clients frequently tell me that their Web site or database application has to be FIPS certified, but what they really mean is that it needs to be FIPS compliant. FIPS certification is a laborious, long, and expensive process, where a crypto vendor submits its product to a FIPS certification lab to obtain a FIPS certification certificate. Most noncrypto vendors are expected to be FIPS compliant, which means they use and rely on other FIPS-certified products for their solution. But there is a big, costly difference between the two options.

Many security standards, including the new Federal Desktop Core Configuration requirement, insist that participating computers be FIPS compliant. For Windows, this means enabling the "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing" group policy setting, which can be done in Windows XP and later. This enforces the use of FIPS-compliant ciphers, including to SSL/TLS-protected Web sites. FIPS compliancy is supported in most current BSD, Linux, Unix, Mac, and Solaris distributions, as well as the popular OpenSSL software component.

FIPS-enabled computers can only connect to Web sites with FIPS-compliant ciphers for SSL/TLS. Windows servers running IIS should also have the aforementioned FIPS group policy setting enabled, along with the appropriate digital certificates and ciphers. Unfortunately, anyone who has had to implement FIPS-compliant workstations knows that many popular Web sites are not FIPS compliant. In order for your Web server to be FIPS compliant, it needs to work with at least one cipher SSL/TLS mechanism that supports contiguous FIPS-compliant ciphers for signing, hashing, and encryption (such as RSA_3DES_SHA1). For instance, if your Web server only has ciphers involving DES, RC4, or MD5, it’s likely that it isn’t FIPS compliant.

SSLDigger, a free tool by Foundstone, is great at interrogating Web servers and revealing which ciphers the Web server does or doesn’t support. This is the tool to run if you’re in charge of making sure your Web site(s) are FIPS compliant or if you're troubleshooting an FIPS-compliant browser that's throwing a cipher error against a particular site. Unfortunately, it’s got a few bugs and doesn’t work through proxies.

Once SSLDigger has given you a list of the ciphers a Web server supports, you can compare it against the list of FIPS-accepted ciphers or against Microsoft’s FIPS-implemented ciphers.

If both the Web site and the client are FIPS compliant and you’re still having issues, a proxy device or firewall could be causing the problems. Often, intervening devices prematurely (on purpose) terminate the HTTPS connection and substitute their own noncompliant ciphers in place of the otherwise compliant end points. It will drive you crazy if you’re not expecting it as a troubleshooting point.

If Web sites fall under your control, make sure they are FIPS compliant, or soon tens of millions of customers will not be able to access them.

Whew, there you have it. FIPS servants, go forth and multiply!