So I see from the release notes for 5.2.8 that AES-NI is now available.
(This is an instruction set from Intel that provides for faster crypto functions from the CPU.)
I have a bunch of questions about this:
Can I switch my 5.2.x clients from AES (FIPS) to AES-NI?
Is there a down-side to doing this?
What's the performance impact of switching?
How would I do this in EEM?
Are there other questions I should be asking?
it's not formally supported, but since the AES-NI driver algorithm ships with the AES-FIPS DLL, I Imagine they are bit compatible.
Maybe just update the .dlm and .sys files on a test FIPS machine and see if it still boots?