-
Notifications
You must be signed in to change notification settings - Fork 163
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Does Ruby's OpenSSL library have a FIPS certificate? #685
Comments
As far as I know, if you use OpenSSL 3.0.0 or 3.0.8, these are FIPS certificates. This repository is a Ruby OpenSSL library ( https://www.openssl.org/source/
But I think it's better to ask it at OpenSSL discussions or the OpenSSL mailing list "openssl-users". |
Technically you can build the FIPS module in FIPS-certificated OpenSSL 3.0.0 or 3.0.8, and then you can use the FIPS module with a newer version of OpenSSL. My guess is this case is still FIPS-certificated. The installation document is here. My guess is the status of the Ruby OpenSSL library doesn't affect the status of the FIPS-certificated. The matter is if you use the FIPS module in OpenSSL 3.0.0 or 3.0.8. |
Note that if you use enterprise Linux distributions, they may have FIPS-certifications for necessary components to make their entire OS FIPS-certificated. You can ask their customer support for that. |
Yes, this repository does not implement the cryptographic algorithms but only provide access to that in OpenSSL, so it's not a subject to validation. |
Hi,
I found that in the codebase we have the ability to turn on fips_mode with a flag set. Do we have a certificate for that from NIST? Specifically if my application depends on this library, set fips_mode to be true and use it properly, am I FIPS-certificate?
The text was updated successfully, but these errors were encountered: