Thanks Michael for the detailed reply! Do you know what is the case for OpenSSL, used by ActiveMQ for secured communication (ssl)? Are there any ActiveMQ distribution compiled with a FIPS-complaint openSSL version (http://www.openssl.org/docs/fips/fipsnotes.html)?
Thanks, Amir On Thu, Jun 21, 2012 at 5:10 PM, mickhayes [via ActiveMQ] < ml-node+s2283324n4653436...@n4.nabble.com> wrote: > I came across this FIPS topic on introduction of Mozilla NSS in our > organisation (we have a fairly detailed procedure when new FOSS software is > introduced.) > > To answer the question, ActiveMQ isn't on the published lists, so the > answer is no -a product is not compliant until it has been certified as > such. > Once a module is validated, then it's on the validated lists: > http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm > > > However, I would question whether ActiveMQ needs to be - perhaps a "FIPS > mode" would suffice. > > Consider NSS. Now it's validated - FIPS 140-2 compliant. So Firefox has a > FIPS mode. Once you have a password for your "encryption device" you can > turn on FIPS mode. > > ActiveMQ - like Firefox -doesn't itself own or develop any cryptographic > modules. > At a simple level, for encrypted passwords, the Apache V2-licensed jasypt > library is used http://www.jasypt.org > Jasypt relies on JCE. > > You can see on csrc.nist.gov which JCE modules have been validated as > compliant. > > Note the concept of "FIPS mode" - explained well here: > https://developer.mozilla.org/en/NSS/FIPS_Mode_-_an_explanation > > > > Michael Hayes B.Sc. (NUI), M.Sc. (DCU), SCSA SCNA > > > ------------------------------ > If you reply to this email, your message will be added to the discussion > below: > http://activemq.2283324.n4.nabble.com/FIPS-140-2-tp4653345p4653436.html > To unsubscribe from FIPS 140-2, click > here<http://activemq.2283324.n4.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=4653345&code=amVyYmlhQGdtYWlsLmNvbXw0NjUzMzQ1fDE4NjAwMDczMDQ=> > . > NAML<http://activemq.2283324.n4.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml> > -- View this message in context: http://activemq.2283324.n4.nabble.com/FIPS-140-2-tp4653345p4653439.html Sent from the ActiveMQ - User mailing list archive at Nabble.com.
