2016-12-02 17:55 GMT+05:00 debbie10t <debbie...@gmail.com>:
> Hi,
>
> On 02/12/16 10:32, boxar...@yandex.ru wrote:
> > Hi!
> >
> > I would like to know if it's possible to enable fips enabled encryption
> on my vpn server?
> > Here is a link to fips user guide https://www.openssl.org/docs/
> fips/UserGuide-2.0.pdf .
> > It looks like I'd have to change source code and compile it myself to
> make it FIPS compliant.
> > Any help or advice would be very much appreciated.
> >
>
> Without very much effort it is possible to build openvpn with openssl
> FIPS support on CentOS7:
>
> OpenVPN 2.4_beta2 [git:master/1c587a1112220618+]
> x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL]
> [MH/PKTINFO] [AEAD] built on Dec 1 2016
> library versions: OpenSSL 1.0.1e-fips 11 Feb 2013, LZO 2.06
>
> OpenSSL 1.0.1e-fips appears to be the default openssl developer library
> in CentOS7.
>
> I do not know enough about FIPS certification to advise if *only* this
> change is sufficient to cover you for real world certification.
>
since we build openssl ourselves in travis-ci, should we add "openssl fips"
to travis-ci build matrix ?
I guess "just build" is not proper testing.
and, as already said here, at least MD5 will become unavailable in fips mode
>
> Regards
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> Openvpn-devel mailing list
> Openvpn-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openvpn-devel
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
