What are the possible impacts of FIPS 140 mode on z/OS Communications Server performance?

Question & Answer

Question

We are considering implementing FIPS 140 mode in z/OS Communications Server. Are there any possible impacts of FIPS 140 mode on z/OS Communications Server performance?

Answer

The z/OS Communications Server IP Configuration Guide states:

"Enabling FIPS 140 mode on a system can affect performance. For example, you might have to change from using a weak encryption algorithm to using one that requires more processing to perform. Even if no algorithm changes are necessary, the IKED, the NSSD, and the TCP/IP stacks perform their cryptography operations in a different way when FIPS 140 mode is enabled than when it is not enabled, because FIPS 140 imposes additional self-verification requirements and access restrictions, and because hardware accelerated implementations of some cryptographic operations might not be available in FIPS 140 mode."

[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSSN3L","label":"z\/OS Communications Server"},"Platform":[{"code":"PF035","label":"z\/OS"}],"Component":"","Version":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}}]

Product Synonym

ZOSCS COMMSERVER

Was this topic helpful?

Document Information

Modified date:
09 September 2015

UID

dwa1187040

Tips