cancel
Showing results for 
Search instead for 
Did you mean: 

Native SSL Encryption

Sarb_Singh
05 Base Camper

Native SSL Encryption

Hi All,

I have checked the online documentation and searched the forum but not found the answer to this question:
Does Prognosis support native SSL for NonStops and Windows node?

Thank you.
4 REPLIES 4
Anon
Community Manager

Re: Native SSL Encryption

Hi Sarb,

thanks for the post. Does this section in the documentation help you?
Home > Operations > Security > FIPS Encryption > Network Router Communication Scenarios

Think its not going to be SSL to NonStop yet but I'll try to get other folks involved to comment.
ChristopherS
12 Sherpa

Re: Native SSL Encryption

There is node-to-node encryption between the NonStop 10.2 and later the Windows Managing node.
The full FIPS mode introduced in Prognosis 11.x (which uses stronger encryption) though is not available.

To enable the encryption if you have not already you need to ensure a couple things are present in your NETWORK configuration.

1) This line, if present, needs to be explicitly commented out or removed.
FORCE-LEGACY-CONNECTIONS ()

2) This line, if present, needs to be explicitly commented out or removed.

ALLOW-LEGACY-CONNECTIONS

If my answer helped you today, please be sure to mark the resolved button to assist others.

Christopher R Souser - Solution Architect – MSci. PA, CISSP, ITIL.
Sarb_Singh
05 Base Camper

Re: Native SSL Encryption

Thank you for the replies.

We are currently using 10.5 and have SSL encryption via a tunneling proxy service, Comforte Remote Proxy. This provides an SSL link between the NonStops and Windows node. But its rubbish.
We are planning on upgrading to V11.X.
If V11.X has native SSL, then i can remove the Comforte software.

I shall confirm with support if FIPS encryption would suffice.

Re: Native SSL Encryption

Hi Sarb,

Just to be clear, Prognosis on NonStop does not currently (as of 11.2) use SSL encryption. It uses a similar, but incompatible, encryption using AES and SHA256 MAC. It is therefore not FIPS 140-2 compliant. All connections are still encrypted using the aforementioned AES/SHA256 encryption. (and, in your case, encrypted again by the Comforte SSL proxy)

So, it looks like keeping Comforte for 11.2, if SSL is a requirement.

Cheers,
Peter