The following describes best practices and considerations for working with FIPS mode:
Key lengths and FIPS compliance
Symantec Messaging Gateway currently lets you import TLS keys and HTTPS keys that are shorter than the minimum key length that the FIPS 140-2 level 1 standard permits. When you use SNMPv3, also be sure that you use a key that is long enough to conform to the standard. To conform to the FIPS 140-2 level 1 standard, administrators must create keys that are 1024 bits or greater in length.
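Because short keys are accepted on import, the length has to be checked beforehand. The following is an added example, not Symantec code: it reads the modulus size from an unencrypted PKCS#1 RSA private key in PEM form and compares it with the 1024-bit minimum stated above. The function names are hypothetical, and the sample PEM blocks are constructed (version and modulus only, not usable keys).

```python
import base64

MIN_BITS = 1024  # minimum key length this page gives for FIPS 140-2 level 1

def _tlv(tag, value):
    """Encode one DER element (used only to build the constructed samples)."""
    n = len(value)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

def _read_tlv(buf, pos):
    """Decode the DER element at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def rsa_key_bits(pem):
    """Modulus size in bits of an unencrypted PKCS#1 'RSA PRIVATE KEY' PEM."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    # Encrypted PEM keys carry "Proc-Type:" / "DEK-Info:" header lines.
    if not lines or lines[0] != "-----BEGIN RSA PRIVATE KEY-----" or any(":" in ln for ln in lines):
        raise ValueError("expected an unencrypted PKCS#1 RSA private key")
    der = base64.b64decode("".join(lines[1:-1]))
    seq_tag, body, _ = _read_tlv(der, 0)
    ver_tag, _version, pos = _read_tlv(body, 0)
    mod_tag, modulus, _ = _read_tlv(body, pos)
    if (seq_tag, ver_tag, mod_tag) != (0x30, 0x02, 0x02):
        raise ValueError("not a PKCS#1 RSAPrivateKey structure")
    return int.from_bytes(modulus, "big").bit_length()

def long_enough(pem):
    """True when the key meets the minimum length stated on this page."""
    return rsa_key_bits(pem) >= MIN_BITS

def constructed_sample(bits):
    """Constructed PEM holding only version + a modulus of `bits` bits; not a usable key."""
    n = (1 << (bits - 1)) | 1
    ints = _tlv(0x02, b"\x00") + _tlv(0x02, n.to_bytes(bits // 8 + 1, "big"))
    b64 = base64.b64encode(_tlv(0x30, ints)).decode()
    return "-----BEGIN RSA PRIVATE KEY-----\n" + b64 + "\n-----END RSA PRIVATE KEY-----\n"
```

Keys in PKCS#8 form or embedded in certificates use a different outer structure and are rejected by this check rather than misread.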
About FIPS mode and SNMPv3
If you use SNMPv3 and want to run Symantec Messaging Gateway in FIPS mode, you must configure the Control Center to use the SHA1withRSA authentication type.
The Require TLS encryption option for SMTP authorization does not work as you would expect when FIPS mode is turned on. Normally, when this option is turned off, Symantec Messaging Gateway accepts both TLS and SSLv3.0 connections. However, when FIPS mode is turned on, Symantec Messaging Gateway supports and uses only TLS encryption, and all earlier encryption modes fail. So, when FIPS mode is turned on, SSLv3.0 connections fail even if you have disabled the Require TLS encryption option.