We are currently using 10.5 and have SSL encryption via a tunneling proxy service, Comforte Remote Proxy. This provides an SSL link between the NonStops and Windows node. But its rubbish. We are planning on upgrading to V11.X. If V11.X has native SSL, then i can remove the Comforte software.
I shall confirm with support if FIPS encryption would suffice.
Just to be clear, Prognosis on NonStop does not currently (as of 11.2) use SSL encryption. It uses a similar, but incompatible, encryption using AES and SHA256 MAC. It is therefore not FIPS 140-2 compliant. All connections are still encrypted using the aforementioned AES/SHA256 encryption. (and, in your case, encrypted again by the Comforte SSL proxy)
So, it looks like keeping Comforte for 11.2, if SSL is a requirement.