The configuration guide is no longer being updated. Please refer to the CloudVision Help Center going forward.

NGINX in FIPS mode

During the initialization of a FIPS-enabled CloudVision cluster, the nginx-fips image will be loaded. The image runs in FIPS mode by default and restricts the TLS version to v1.2 and the cipher suites to FIPS-approved ciphers.

NGINX will accept the following FIPS-approved ciphers from a client:

  • ECDHE-RSA-AES256-GCM-SHA384
  • ECDHE-RSA-AES256-SHA384
  • ECDHE-RSA-AES256-SHA
  • AES256-GCM-SHA384
  • AES256-SHA256
  • AES256-SHA
  • ECDHE-RSA-AES128-GCM-SHA256
  • ECDHE-RSA-AES128-SHA256
  • ECDHE-RSA-AES128-SHA
  • AES128-GCM-SHA256
  • AES128-SHA256
  • AES128-SHA