global.dat
The global.dat configuration file is separate for each user account. It
is located in the user account's Application Data\SSH directory
(for example C:\Documents and Settings\username\Application Data\SSH).
FIPS Mode
SSH Tectia Client can optionally be operated in FIPS mode, using a version
of the cryptographic library that has been certified according to the Federal
Information Processing Standard (FIPS) 140-2. In this mode, the cryptographic
operations are performed according to the rules of the FIPS 140-2 certification.
The software uses standard libraries by default - the FIPS-140-2
certified libraries are available separately. For a list of platforms on
which the FIPS library has been validated or tested, see SSH Tectia
Client/Server Product Description.
Using the FIPS-certified library version can be controlled by
editing the global.dat configuration file. Locate the FIPS mode=N: setting (under the [Security] heading), and edit
the digit after the colon (:) accordingly (0 for FIPS mode off, 1 for
on).
FIPS mode=N:1
This setting affects the GUI client (only). See Section
ssh2_config for instructions on using the
FIPS mode with the command-line client.
RSA Certificate Hash Scheme
Older SSH Secure Shell clients and servers used hashes in an incoherent manner
(sometimes MD5, sometimes SHA-1). It is possible to set the hash scheme used by
RSA certificates by editing the value of the
Cert.RSA.Compat.HashScheme=S: setting (under the
[Security] heading). Possible values for the string after the
colon (:) are md5 and sha1. The default value is
md5 which works in most cases.
Cert.RSA.Compat.HashScheme=S:md5
Fallback Compatibility
It is also possible to disable fallback compatibility code for older, or
otherwise incompatible versions of the software. Do not disable fallback
compatibility unless you know what you are doing. The default value is
no.
The fallback compatibility code can be disabled by editing the
DisableVersionFallback=N: value (under the
[Security] heading) to 0.
DisableVersionFallback=N:0
