z/OS Cryptographic Services System SSL Programming


System SSL and FIPS 140-2

SC14-7495-00

The National Institute of Standards and Technology (NIST) is the US federal technology agency that works with industry to develop and apply technology, measurements, and standards. One of the standards published by NIST is the Federal Information Processing Standard Security Requirements for Cryptographic Modules, referred to as ‘FIPS 140-2’. FIPS 140-2 provides a standard that can be required by organizations that specify that cryptographic-based security systems are to be used to provide protection for sensitive or valuable data.

The objective of System SSL is to provide the capability to execute securely in a mode that is designed to meet the NIST FIPS 140-2 criteria. To this end, System SSL can run in either ‘FIPS mode’ or ‘non-FIPS mode’. System SSL by default runs in ‘non-FIPS mode’. Applications wanting to execute in FIPS mode must code to the gsk_fips_state_set() API. See Application changes for more information.

To meet the FIPS 140-2 criteria, System SSL, when executing in FIPS mode, is more restrictive with respect to cryptographic algorithms, protocols, and key sizes that can be supported.





Copyright IBM Corporation 1990, 2014