This task allows the key chain configuration to accept the choice of the cryptographic algorithm.
From Cisco IOS XR Software
Release 6.7.2
and later, you must follow the below guidelines while configuring the key chain. These are applicable only for FIPS mode
(that is, when crypto fips-mode is configured).
-
You must configure the session with a FIPS-approved cryptographic algorithm. A session configured with non-approved cryptographic
algorithm for FIPS (such as, MD5 and HMAC-MD5 ) does not work. This is applicable for OSPF, BGP, RSVP, ISIS, or any application using key chain with non-approved cryptographic
algorithm.
-
If you are using any HMAC-SHA algorithm for a session, then you must ensure that the configured key-string has a minimum length of 14 characters. Otherwise, the session goes down.