Specifying this option forces all database server encryption to use FIPS-approved algorithms. This option applies to strong
database encryption, client/server transport-layer security, and web services transport-layer security. You can still use
unencrypted connections and databases when the -fips option is specified, but you cannot use simple encryption.
Separately licensed component required
ECC encryption and FIPS-certified encryption require a separate license. All strong encryption technologies are subject to
For strong database encryption, the -fips option causes new databases to use the FIPS equivalent of AES and AES256 if they
are specified in the ALGORITHM clause of the CREATE DATABASE statement.
When the database server is started with -fips, you can run databases encrypted with AES, AES256, AES_FIPS, or AES256_FIPS
strong encryption, but not databases encrypted with simple encryption. Unencrypted databases can also be started on the server
when -fips is specified.
The SQL Anywhere security option must be installed on any computer used to run a database encrypted with AES_FIPS or AES256_FIPS.
For SQL Anywhere transport-layer security, the -fips option causes the server to use the FIPS-approved RSA encryption cipher,
even if RSA is specified. If ECC is specified, an error occurs because a FIPS-approved elliptic-curve algorithm is not available.
For transport-layer security for web services, the -fips option causes the server to use HTTPS FIPS, even if HTTPS is specified.
When you specify -fips, the ENCRYPT and HASH functions use the FIPS-approved RSA encryption cipher, and password hashing uses
the SHA-256 FIPS algorithm rather than the SHA-256 algorithm.