Could you someone kindly check this?
Original Message:
Sent: 04-13-2020 02:55 AM
From: Akio UCHIDA
Subject: settings the fips mode
Hi,
Thank you for your kind explanation.
The user is planning to apply the FIPS mode.
Looking through the manual, we found below description.
-----
FIPS Compliance Considerations
Consider the following points:
•When moving from non-FIPS to FIPS, the policy model cannot read old commands.
-----
We are currently not able to grasp precisely what we have to take it consideration.
I'm guessing that this implies there is a service impact to PMDB server(s), when the they set the fips mode.
Right?
Is there any description indicating concrete steps they should follow when applying the mode?
Regards.
UCHIDA Akio
Original Message:
Sent: 04-08-2020 02:54 AM
From: Andreas Müller
Subject: settings the fips mode
That is correct
As mentioned before, fips_only=1 forces LCA communication to use TLSv1.2 only over port 5249
Best Regards,
Andreas
Original Message------
Hello,
Thank you for your quick response.
I understood how to set the FIPS mode.
Please accept other questions.
One of our users has to prohibit transactions with 3DES encryption.
Is there any way to do except for setting FIPS mode?
Also, this is a just confirmation.
If we set fips mode, 3DES transactions are automatically prohibited.
Am I right?
Regards,
UCHIDA Akio