Thanks Ilya. I think there are 2 things we are interested in: 1) If the crypto is done with a FIPS validated module 2) Are the crypto algorithms all FIPS approved
For 2), I think we can choose the encryption algorithms we use in IPSec (Please correct me if I was wrong). For 1), do you have more information on that? On Mon, May 13, 2024 at 2:39 AM Ilya Maximets <i.maxim...@ovn.org> wrote: > On 5/12/24 08:17, Jim C via discuss wrote: > > We want to use Open vSwitch to build our network and enable IPSec > > for encryption in-transit. I wonder if there is a document that > > describes if the OVS package itself is FIPS compliant? > > Hi, Jim. > > If I'm not mistaken, FIPS compliant can only be a built binary and > Open vSwitch project doesn't release binaries. You need to ask > the distribution where you get your binary packages from. > > However, all the important crypto in OVS is performed by OpenSSL, > so it should be compliant as long as you're linking with compliant > version of OpenSSL. But again, you need to ask your distribution. > > Best regards, Ilya Maximets. > > > > > Maybe my question is not described accurately. Please let me know > > what more information is needed. > > > > Thanks. > >
_______________________________________________ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
