Enabling FIPS Compliance in Open Client and Open Server

You can enable FIPS 140-2 compliance in Open Client and Open Server.

  • The application must set the context property CS_PROP_FIPSMODE to CS_TRUE in the ocs.cfg file, or,

  • Set the environment variable SYBOCS_FIPS_MODE to 1.

When FIPS compliance is enabled on Microsoft Windows the preferred base address to be loaded in memory for Open Client is 0xFB00000. This is to avoid a base address conflict arising from the OpenSSL incore fingerprint integrity check.
Note: Open Client fails to initialize with “FIPS fingerprint check failed” error if this preferred base address is not available.
Parent topic: Enabling FIPS Compliance