search cancel

Enabling And Disabling AESCACHE Control Option In Top Secret

book

Article ID: 255528

calendar_today

Updated On:

Products

Top Secret

Issue/Introduction

1) Before enabling AESCACHE, is there anything that you should consider before enabling AESCACHE (like taking backups etc..)?

2) Are there any performance impacts after enabling AESCACHE?

3) Can the back out be done dynamically as well as by IPL?

Environment

Release : 16.0

Resolution

1) No backups are necessary, however, before setting AESCACHE(ON), make sure that the following Top Secret r16 fixes are applied:
SO05264 - AES ENCRYPTED PASSWORD CACHING OPTION
SO08736 - WITH AESCACHE(ON), NEW PASSWORD IS CPFED IN UPPER CASE
SO09529 - S0C4 TSSRFR00+56 AESCACHE(ON) PASSWORD PHRASE
SO15439 - TSS CONTROL OPTION AESCACHE BEING TURNED OFF

2) Assuming you are using AES 256 password encryption, the performance impact should be a positive one. This option was added to the product to alleviate performance issues when using AES256 encryption.

3) AESCACHE can be set to OFF dynamically with TSS MODIFY AESCACHE(OFF) or via recycle of Top Secret (or IPL) after removing AESCACHE(ON) in the Top Secret parameter file. 
NOTE: The TSS MODIFY command is only valid until the next recycle of Top Secret. To make the change permanent, remove AESCACHE(ON) from the Top Secret parameter file.