FIPS support in nginx?
vl at nginx.com
Mon Jun 17 09:00:20 UTC 2019
On Fri, Jun 14, 2019 at 02:26:49PM -0400, tlemons wrote:
> Does nginx have a 'FIPS mode'? If so, where can I find this documented?
nginx uses openSSL library for all cryptographic operations.
Thus it is enough to turn on FIPS mode in the library.
For example, here  are instructions for RHEL. Other distributions
have similar methods of enabling it system-wide.
Note that RHEL implementation of FIPS in OpenSSL depends
on kernel components (random number generation), that's why
they require to turn FIPS system-wide.
Note also that FIPS module from openssl.org is another implementation
than RHEL's and it is not available for latest openssl version 1.1.1
More information about the nginx