Tompkins, Michael
2018-Oct-02 17:50 UTC
[Samba] Is samba FIPS compliant ? Can it be build with openssl ?
I'm checking back in to see if samba is FIPS compliant, as in using FIPS compliant algorithms ? Can it be built with openssl, which is FIPS compliant ? We're currently running 4.7.5. Please let me know. Regards, Mike
Jeremy Allison
2018-Oct-02 18:07 UTC
[Samba] Is samba FIPS compliant ? Can it be build with openssl ?
On Tue, Oct 02, 2018 at 05:50:35PM +0000, Tompkins, Michael via samba wrote:> I'm checking back in to see if samba is FIPS compliant, as in using FIPS compliant algorithms ? Can it be built with openssl, which is FIPS compliant ? We're currently running 4.7.5. Please let me know.FIPS certification is expensive and time-consuming, and no Open Source project that I know of has ever complied. Having said that, individual vendors have gotten FIPS certification for specific versions of their product, Red Hat being one. As Red Hat ships by default with Samba, I think we're probably *able* to be FIPS certifiable, but you're going to have to do the actual FIPS certification work yourself :-). Cheers, Jeremy.
Tompkins, Michael
2018-Oct-02 18:47 UTC
[Samba] Is samba FIPS compliant ? Can it be build with openssl ?
Thanks for the quick reply Jeremy. We have other FIPS compliant libraries, which check for, and ensure the proper FIPS compliant algorithms are used. Is there a link option to specify this kind of library ? ~ Mike -----Original Message----- From: Jeremy Allison <jra at samba.org> Sent: Tuesday, October 2, 2018 2:08 PM To: Tompkins, Michael <Michael.Tompkins at xerox.com> Cc: samba at lists.samba.org; USA Xerox Samba <USA.Xerox.Samba at xerox.com> Subject: Re: [Samba] Is samba FIPS compliant ? Can it be build with openssl ? On Tue, Oct 02, 2018 at 05:50:35PM +0000, Tompkins, Michael via samba wrote:> I'm checking back in to see if samba is FIPS compliant, as in using FIPS compliant algorithms ? Can it be built with openssl, which is FIPS compliant ? We're currently running 4.7.5. Please let me know.FIPS certification is expensive and time-consuming, and no Open Source project that I know of has ever complied. Having said that, individual vendors have gotten FIPS certification for specific versions of their product, Red Hat being one. As Red Hat ships by default with Samba, I think we're probably *able* to be FIPS certifiable, but you're going to have to do the actual FIPS certification work yourself :-). Cheers, Jeremy.
Apparently Analagous Threads
- Is samba FIPS compliant ? Can it be build with openssl ?
- Is samba FIPS compliant ?
- Compiling OpenSSH with OpenSSL-fips 0.9.8o on Windows
- [Bug 1987] New: FIPS signature verification incompatibility with openssl versions > 0.9.8q
- OpenSSH FIPS 140-2 support using OpenSSL FIPS modules?