FIPS support in nginx?

Vladimir Homutov vl at nginx.com
Mon Jun 17 09:00:20 UTC 2019


On Fri, Jun 14, 2019 at 02:26:49PM -0400, tlemons wrote:
> Hi
>
> Does nginx have a 'FIPS mode'? If so, where can I find this documented?
>
> Thanks!
> tl
>

nginx uses openSSL library for all cryptographic operations.
Thus it is enough to turn on FIPS mode in the library.
For example, here [1] are instructions for RHEL. Other distributions
have similar methods of enabling it system-wide.
Note that RHEL implementation of FIPS in OpenSSL depends
on kernel components (random number generation), that's why
they require to turn FIPS system-wide.
Note also that FIPS module from openssl.org is another implementation
than RHEL's and it is not available for latest openssl version 1.1.1

[1] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/considerations_in_adopting_rhel_8/security_considerations-in-adopting-rhel-8#fips-mode_security



More information about the nginx mailing list