000023758 - Why is performance slower in FIPS mode?

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2

Article Content

Article Number: 000023758
Issue: Determine why performance is slower in FIPS mode

FIPS-140 validated modules are required to perform start-up self tests as well as additional tests during random number and key generation.
This imposes a time penalty when the library is first loaded. The default pseudo-random number generation algorithm is also slower than non-FIPS implementations, which may impose an additional time penalty.
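
The following Python example is added here for illustration; it is not code from SSL-C or Crypto-C ME. It shows where the extra work comes from: known-answer tests run once at load time, and a comparison test run on every random block. `ToyFipsModule`, `extra_ops` and `stuck_source` are hypothetical names, and key-generation tests are not modelled.

```python
import hashlib
import os

# Known-answer vectors for the message b"abc" (published SHA-1 / SHA-256 test vectors).
KATS = {
    "sha1": "a9993e364706816aba3e25717850c26c9cd0d89d",
    "sha256": "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad",
}


class SelfTestError(RuntimeError):
    """Raised when a self-test fails; the module must stop serving crypto."""


class ToyFipsModule:
    """Hypothetical module wrapper: shows where FIPS-style checks add work."""

    def __init__(self, entropy=os.urandom, block_size=16):
        self.entropy = entropy
        self.block_size = block_size
        self.extra_ops = 0          # work a non-FIPS build would not do
        self.failed = False
        self._power_on_self_test()  # paid once, at load time
        self._last = self.entropy(block_size)  # priming block, never returned
        self.extra_ops += 1

    def _power_on_self_test(self):
        for name, expected in KATS.items():
            self.extra_ops += 1
            if hashlib.new(name, b"abc").hexdigest() != expected:
                self.failed = True
                raise SelfTestError(f"known-answer test failed: {name}")

    def random_block(self):
        """Continuous RNG test: each block is compared with the previous one."""
        if self.failed:
            raise SelfTestError("module is in error state")
        block = self.entropy(self.block_size)
        self.extra_ops += 1         # the per-call comparison
        if block == self._last:
            self.failed = True
            raise SelfTestError("RNG returned a repeated block")
        self._last = block
        return block


def stuck_source(n):
    """Constructed faulty entropy source that always returns zeros."""
    return b"\x00" * n
```

Passing `entropy=stuck_source` makes the first `random_block()` call fail and leaves the module in its error state, which is the behaviour the continuous test exists to enforce.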

In general, cryptographic operations in SSL-C are optimized for SSL communications.
In FIPS mode, however, these operations need to be mapped to the Crypto-C ME FIPS validated module, which (as of SSL-C 2.8.1) has not been strictly optimized for SSL operations.

Legacy Article ID: a36957