-fips iqsrv16 database server option

Requires that only FIPS-certified algorithms be used for strong database and communication encryption.

Syntax

iqsrv16 -fips ...

Applies to

Windows, Unix, and Linux.

Remarks

Specifying this option forces all database server encryption to use FIPS-certified algorithms. This option applies to strong database encryption, client/server transport-layer security, and web services transport-layer security. You can still use unencrypted connections and databases when the -fips option is specified, but you cannot use simple encryption.

Note: All strong encryption technologies are subject to export regulations.

For strong database encryption, the -fips option causes new databases to use the FIPS-certified equivalent of AES and AES256 if they are specified in the ALGORITHM clause of the CREATE DATABASE statement.

When the database server is started with -fips, you can run databases encrypted with AES, AES256, AES_FIPS, or AES256_FIPS encryption, but not databases encrypted with simple encryption. Unencrypted databases can also be started on the server when -fips is specified.

For transport-layer security, the -fips option causes the server to use the FIPS-certified RSA encryption algorithm, even if RSA, rather than its FIPS-certified equivalent, is specified.

For transport-layer security for web services, the -fips option causes the server to use FIPS-certified HTTPS, even if HTTPS, rather than its FIPS-certified equivalent, is specified.

When you specify -fips, the ENCRYPT and HASH functions use the FIPS-certified RSA encryption algorithm, and password hashing uses the SHA-256 FIPS algorithm rather than the SHA-256 algorithm.
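The database-encryption rules in the Remarks above, written as a pre-flight check to run before adding -fips to a server's start line. This is an added example, not SAP code: the inventory format, file names and command lines are constructed, and the mapping of AES and AES256 to the matching *_FIPS names is an assumption about what "FIPS-certified equivalent" means.

```python
import shlex

# From the page: encryption types a server started with -fips will run.
RUNNABLE_UNDER_FIPS = {"NONE", "AES", "AES256", "AES_FIPS", "AES256_FIPS"}
# Assumption: the FIPS-certified equivalents are the matching *_FIPS names.
FIPS_EQUIVALENT = {"AES": "AES_FIPS", "AES256": "AES256_FIPS"}


def has_fips(command_line):
    """True if -fips appears as its own option on the command line."""
    return "-fips" in shlex.split(command_line)


def effective_algorithm(requested, fips):
    """Algorithm a new database gets for a given ALGORITHM clause value."""
    requested = requested.upper()
    return FIPS_EQUIVALENT.get(requested, requested) if fips else requested


def preflight(inventory):
    """Sort databases into those that still start under -fips and those that
    do not. inventory maps a database file to its recorded encryption type."""
    report = {"ok": [], "blocked": [], "unknown": []}
    for db, enc in sorted(inventory.items()):
        enc = enc.strip().upper()
        if enc in RUNNABLE_UNDER_FIPS:
            report["ok"].append(db)
        elif enc == "SIMPLE":
            report["blocked"].append(db)   # a -fips server will not run it
        else:
            report["unknown"].append(db)   # fail closed: verify by hand
    return report


# Constructed sample data (hypothetical file names and command lines).
SAMPLE_INVENTORY = {
    "sales.db": "AES256",
    "legacy.db": "simple",
    "scratch.db": "none",
    "hr.db": "AES_FIPS",
    "old.db": "?",
}
SAMPLE_COMMANDS = ["iqsrv16 -fips /data/sales.db", "iqsrv16 /data/scratch.db"]

if __name__ == "__main__":
    for cmd in SAMPLE_COMMANDS:
        print(has_fips(cmd), cmd)
    print(preflight(SAMPLE_INVENTORY))
    print(effective_algorithm("AES256", fips=True))
```

Any database reported as blocked or unknown needs attention before the server is restarted with -fips.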