This behavior ensures Federal Information Process Standards (FIPS) 140-2 compliance for a connection to an origin server.

Implementation

In this mode, Akamai edge servers present only those cipher suites from the selected cipher profile that have been validated for FIPS 140-2. Cipher suites that have not been validated for FIPS 140-2 are not presented to active clients, even if those suites are listed as part of the selected cipher profile. All current cipher profiles include at least one FIPS 140-2 validated cipher suite for ECDSA certificates, and one RSA certificate. Deprecated and end of life (EOL) cipher profiles aren't suitable for FIPS 140-2 traffic. FIPS mode requires that TLS 1.2, TLS 1.3, or both are enabled on the certificate. For details, see Update SSL/TLS cipher profiles.

To ensure end-to-end FIPS-validated traffic on Akamai’s network for the property and applications that require FIPS certification, you need to enable this setting in the Certificate Provisioning System. For assistance, contact your Akamai support team.

This behavior doesn't include any options. Specifying the behavior itself enables it.

Related topics

See the Certificate Provisioning System.