NGINX in FIPS mode
During the initialization of a FIPS-enabled CloudVision cluster, the nginx-fips image will be loaded. The image runs in FIPS mode by default and restricts the TLS version to v1.2 and the cipher suites to FIPS-approved ciphers.
NGINX will accept the following FIPS-approved ciphers from a client:
- ECDHE-RSA-AES256-GCM-SHA384
- ECDHE-RSA-AES256-SHA384
- ECDHE-RSA-AES256-SHA
- AES256-GCM-SHA384
- AES256-SHA256
- AES256-SHA
- ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-RSA-AES128-SHA256
- ECDHE-RSA-AES128-SHA
- AES128-GCM-SHA256
- AES128-SHA256
- AES128-SHA