Reference Guide
24|
Aruba 3000, 6000/M3 Mobility Controller FIPS 140-2 Level 2 Security Policy
23
IPSec session
authentication keys
HMAC-SHA-1 (160
bits)
Established during the
IPSec service
implementation
Stored in plaintext in
volatile memory.
Zeroized when the
session is closed.
User authentication
24 SSHv2 session keys AES (128/196/256 bits)
Established during the
SSHv2 key exchange
Stored in plaintext in
volatile memory.
Zeroized when the
session is closed.
Secure SSHv2 traffic
25
SSHv2 session
authentication key
HMAC-SHA-1 (160-bit)
Established during the
SSHv2 key exchange
Stored in plaintext in
volatile memory.
Zeroized when the
session is closed.
Secure SSHv2 traffic
26 TLS pre-master secret 48 byte secret Externally generated
Stored in plaintext in
volatile memory.
Zeroized when the
session is closed.
TLS key agreement
27
TLS session
encryption key
AES 128/192/256 bits
Generated in the
module during the TLS
service implementation
Stored in plaintext in
volatile memory.
Zeroized when the
session is closed.
TLS session
encryption
28
TLS session
authentication key
HMAC-SHA-1/256/384
(160/256/384 bits)
Generated in the
module during the TLS
service implementation
Stored in plaintext in
volatile memory.
Zeroized when the
session is closed.
TLS session
authentication
29 RSA Private Key
RSA 2048 bit private
key
Generated in the
module
Stored in flash
memory encrypted
with KEK. Zeroized by
the CO command
write erase all.
Used by TLS and
EAP-TLS/PEAP
protocols during the
handshake, used for
signing OCSP
responses, and used
by IKEv1/IKEv2 for
device authentication
and for signing
certificates
30 RSA Public key
RSA 2048 bit public
key
Generated in the
module
Stored in flash
memory encrypted
with KEK. Zeroized by
the CO command
write erase all.
Used by TLS and
EAP-TLS/PEAP
protocols during the
handshake, used for
signing OCSP
responses, and used
by IKEv1/IKEv2 for
device authentication
and for signing
certificates