235• The SSL server only supports TLS1.0.• The SSH server does not support SSHv1 clients.• The generated RSA and DSA key pairs must have a modulus length of 2048 bits.• SSH, SNMPv3, IPsec, and SSL do not support DES, 3DES, RC4, and MD5 algorithms.• The keys must contain at least 15 characters and 4 compositions of uppercase and lowercase letters,digits, and special characters. This requirement applies to the following passwords (the last twopasswords are used for password control):{ AAA server's shared key.{ IKE per-shared key.{ SNMPv3 authentication key.{ Password for a device management local user.{ Password for switching user roles.FIPS self-testsTo ensure the correct operation of cryptography modules, FIPS provides self-test mechanisms, includingpower-up self-test and conditional self-test. You can also trigger a self-test. If the power-up self-test fails,the device where the self-test process exists reboots. If the conditional self-test fails, the system outputsself-test failure information.NOTE:If a self-test fails, contact H3C Support.Power-up self-testsThe power-up self-test, also called "known-answer test", examines the availability of FIPS-allowedcryptographic algorithms. A cryptographic algorithm is run on data for which the correct output isalready known. The calculated output is compared with the known answer. If they are not identical, theknown-answer test fails.The power-up self-test examines the following cryptographic algorithms:• DSA (signature and authentication).• RSA (signature and authentication).• RSA (encryption and decryption).• AES.• 3DES.• SHA1.• HMAC-SHA1.• Random number generator algorithms.Conditional self-testsA conditional self-test runs when an asymmetrical cryptographic module or a random number generatormodule is invoked. Conditional self-tests include the following types: