Hi Sarb,

thanks for the post. Does this section in the documentation help you?
Home > Operations > Security > FIPS Encryption > Network Router Communication Scenarios

Think its not going to be SSL to NonStop yet but I'll try to get other folks involved to comment.

There is node-to-node encryption between the NonStop 10.2 and later the Windows Managing node.
The full FIPS mode introduced in Prognosis 11.x (which uses stronger encryption) though is not available.

To enable the encryption if you have not already you need to ensure a couple things are present in your NETWORK configuration.

1) This line, if present, needs to be explicitly commented out or removed.
FORCE-LEGACY-CONNECTIONS ()

2) This line, if present, needs to be explicitly commented out or removed.

ALLOW-LEGACY-CONNECTIONS

Thank you for the replies.

We are currently using 10.5 and have SSL encryption via a tunneling proxy service, Comforte Remote Proxy. This provides an SSL link between the NonStops and Windows node. But its rubbish.
We are planning on upgrading to V11.X.
If V11.X has native SSL, then i can remove the Comforte software.

I shall confirm with support if FIPS encryption would suffice.

Hi Sarb,

Just to be clear, Prognosis on NonStop does not currently (as of 11.2) use SSL encryption. It uses a similar, but incompatible, encryption using AES and SHA256 MAC. It is therefore not FIPS 140-2 compliant. All connections are still encrypted using the aforementioned AES/SHA256 encryption. (and, in your case, encrypted again by the Comforte SSL proxy)

So, it looks like keeping Comforte for 11.2, if SSL is a requirement.

Cheers,
Peter