To do so please set in seos.ini
This forces communication based on the LCA protocol, like policyfetcher - DH communication, to use TLSv1.2 over port 5249
Note, any setting for communication_mode in seos.ini is ignored if fips_only=1 is set.
Please see also our documentation
Thank you for your quick response.
I understood how to set the FIPS mode.
Please accept other questions.
One of our users has to prohibit transactions with 3DES encryption.
Is there any way to do except for setting FIPS mode?
Also, this is a just confirmation.
If we set fips mode, 3DES transactions are automatically prohibited.
Am I right?
That is correct
As mentioned before, fips_only=1 forces LCA communication to use TLSv1.2 only over port 5249
Thank you for your kind explanation.
The user is planning to apply the FIPS mode.
Looking through the manual, we found below description.
FIPS Compliance Considerations
Consider the following points:
•When moving from non-FIPS to FIPS, the policy model cannot read old commands.
We are currently not able to grasp precisely what we have to take it consideration.
I'm guessing that this implies there is a service impact to PMDB server(s), when the they set the fips mode.
Is there any description indicating concrete steps they should follow when applying the mode?