Question & Answer
Question
We are considering implementing FIPS 140 mode in z/OS Communications Server. Are there any possible impacts of FIPS 140 mode on z/OS Communications Server performance?
Answer
The z/OS Communications Server IP Configuration Guide states:
"Enabling FIPS 140 mode on a system can affect performance. For example, you might have to change from using a weak encryption algorithm to using one that requires more processing to perform. Even if no algorithm changes are necessary, the IKED, the NSSD, and the TCP/IP stacks perform their cryptography operations in a different way when FIPS 140 mode is enabled than when it is not enabled, because FIPS 140 imposes additional self-verification requirements and access restrictions, and because hardware accelerated implementations of some cryptographic operations might not be available in FIPS 140 mode."
Product Synonym
ZOSCS COMMSERVER
Was this topic helpful?
Document Information
Modified date:
09 September 2015
UID
dwa1187040